Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Need Help Ridding Zeroaccess Virus

Started by Teed55, Apr 06 2012 09:53 PM

This topic is locked
Go to first unread post

23 replies to this topic

#1
Teed55

Posted 06 April 2012 - 09:53 PM

New Member

Members
13 posts

Gender:Female

Need help to remove Zeroaccess virus! I’m about to lose my mind & religion over this! We recently moved and just set up the desktop comp that is infected last weekend. Here are the problems:

After logging in at desktop, System32 folder will open up
Get an installed hardware box (have no idea what this is for…)
Internet Explorer will timeout/crash after about 5 minutes or so.
Computer is VERY slow.

This “rebuilt” computer is running Windows XP, Professional version.We did purchase Malwarebytes back around November when we had another virus on it.We also use PC Tools/Spyware Doctor and McAfee Antivirus Plus.Each will catch the virus and stop it, but it’s still here.I’m not all that tech-savy, but with good instructions I can do what I can to clean up this mess.I’d greatly appreciate the help.

#2
Larusso

Posted 06 April 2012 - 11:05 PM

Selecta Jahrusso

Experts
824 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Hy
my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download DDS and save it to your desktop from here or here
Double click dds to run the tool.

When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt
Save both reports to your desktop and post them in your next reply

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

#3
Teed55

Posted 06 April 2012 - 11:28 PM

New Member

Members
13 posts

Gender:Female

Daniel, thank you for your help! I did download the dds to my desktop. And double clicked to run it, but the black text box was only up for a couple of seconds. It never created either log.

Do you want me to download the TDS Skiller.exe now?

#4
Larusso

Posted 07 April 2012 - 09:26 AM

Selecta Jahrusso

Experts
824 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Yes please. Lets see if it will run.

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

#5
Teed55

Posted 08 April 2012 - 11:35 AM

New Member

Members
13 posts

Gender:Female

Daniel, sorry I was away from home yesterday. Just to let you know we do have three users set up for this computer. Here is the copy of the TDS log:

12:27:56.0931 5452 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
12:27:57.0759 5452 ============================================================
12:27:57.0759 5452 Current date / time: 2012/04/08 12:27:57.0759
12:27:57.0759 5452 SystemInfo:
12:27:57.0759 5452
12:27:57.0759 5452 OS Version: 5.1.2600 ServicePack: 3.0
12:27:57.0759 5452 Product type: Workstation
12:27:57.0759 5452 ComputerName: DESKTOP-1
12:27:57.0759 5452 UserName: John & Wendy
12:27:57.0759 5452 Windows directory: C:\WINDOWS
12:27:57.0759 5452 System windows directory: C:\WINDOWS
12:27:57.0759 5452 Processor architecture: Intel x86
12:27:57.0759 5452 Number of processors: 4
12:27:57.0759 5452 Page size: 0x1000
12:27:57.0759 5452 Boot type: Normal boot
12:27:57.0759 5452 ============================================================
12:27:59.0181 5452 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:27:59.0212 5452 \Device\Harddisk0\DR0:
12:27:59.0212 5452 MBR used
12:27:59.0212 5452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
12:27:59.0259 5452 Initialize success
12:27:59.0259 5452 ============================================================
12:28:01.0962 6100 ============================================================
12:28:01.0962 6100 Scan started
12:28:01.0962 6100 Mode: Manual;
12:28:01.0962 6100 ============================================================
12:28:02.0650 6100 Abiosdsk - ok
12:28:02.0665 6100 abp480n5 - ok
12:28:02.0728 6100 ac.sharedstore (00659e56339389469473aec41587e706) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
12:28:02.0775 6100 ac.sharedstore - ok
12:28:02.0821 6100 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:28:02.0821 6100 ACPI - ok
12:28:02.0868 6100 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:28:02.0868 6100 ACPIEC - ok
12:28:02.0884 6100 acrsch2svc - ok
12:28:02.0946 6100 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:28:02.0993 6100 AdobeFlashPlayerUpdateSvc - ok
12:28:02.0993 6100 adpu160m - ok
12:28:03.0009 6100 adpu320 - ok
12:28:03.0025 6100 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:28:03.0040 6100 aec - ok
12:28:03.0040 6100 Afc - ok
12:28:03.0087 6100 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:28:03.0134 6100 AFD - ok
12:28:03.0165 6100 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
12:28:03.0212 6100 AFS2K - ok
12:28:03.0212 6100 Aha154x - ok
12:28:03.0228 6100 aic78u2 - ok
12:28:03.0228 6100 aic78xx - ok
12:28:03.0275 6100 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:28:03.0275 6100 Alerter - ok
12:28:03.0290 6100 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:28:03.0290 6100 ALG - ok
12:28:03.0290 6100 AliIde - ok
12:28:03.0306 6100 AlteraByteBlaster - ok
12:28:03.0368 6100 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
12:28:03.0431 6100 Ambfilt - ok
12:28:03.0431 6100 amsint - ok
12:28:03.0446 6100 amusbprt - ok
12:28:03.0478 6100 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:28:03.0478 6100 AppMgmt - ok
12:28:03.0478 6100 AR5416 - ok
12:28:03.0493 6100 asc - ok
12:28:03.0493 6100 asc3350p - ok
12:28:03.0509 6100 asc3550 - ok
12:28:03.0540 6100 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys
12:28:03.0587 6100 AsIO - ok
12:28:03.0634 6100 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:28:03.0681 6100 aspnet_state - ok
12:28:03.0759 6100 AsSysCtrlService (954ffbff05b0b60eb63b52af561436c4) C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
12:28:03.0806 6100 AsSysCtrlService - ok
12:28:03.0806 6100 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
12:28:03.0853 6100 AsUpIO - ok
12:28:03.0900 6100 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:28:03.0900 6100 AsyncMac - ok
12:28:03.0946 6100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:28:03.0946 6100 atapi - ok
12:28:03.0946 6100 Atdisk - ok
12:28:03.0993 6100 Ati HotKey Poller (a2eaeb497ca29ecaeaf0df66ad85c57d) C:\WINDOWS\system32\Ati2evxx.exe
12:28:04.0056 6100 Ati HotKey Poller - ok
12:28:04.0103 6100 ATI Smart (312a17dff710a0f4e6d4dd1d52ead1a8) C:\WINDOWS\system32\ati2sgag.exe
12:28:04.0212 6100 ATI Smart - ok
12:28:04.0243 6100 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:28:04.0321 6100 ati2mtag - ok
12:28:04.0321 6100 atitool - ok
12:28:04.0368 6100 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:28:04.0368 6100 Atmarpc - ok
12:28:04.0415 6100 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:28:04.0415 6100 AudioSrv - ok
12:28:04.0446 6100 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:28:04.0446 6100 audstub - ok
12:28:04.0462 6100 autostore - ok
12:28:04.0462 6100 AVRec - ok
12:28:04.0493 6100 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:28:04.0509 6100 Beep - ok
12:28:04.0525 6100 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:28:04.0525 6100 BITS - ok
12:28:04.0540 6100 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:28:04.0540 6100 Browser - ok
12:28:04.0587 6100 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
12:28:04.0650 6100 Browser Defender Update Service - ok
12:28:04.0665 6100 btnetfilter - ok
12:28:04.0681 6100 BUFADPT - ok
12:28:04.0696 6100 cachemgr - ok
12:28:04.0696 6100 Cam5603C - ok
12:28:04.0696 6100 Cam5603D - ok
12:28:04.0743 6100 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:28:04.0743 6100 cbidf2k - ok
12:28:04.0759 6100 cd20xrnt - ok
12:28:04.0759 6100 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:28:04.0759 6100 Cdaudio - ok
12:28:04.0806 6100 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:28:04.0806 6100 Cdfs - ok
12:28:04.0821 6100 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:28:04.0821 6100 Cdrom - ok
12:28:04.0853 6100 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys
12:28:04.0853 6100 cfwids - ok
12:28:04.0868 6100 Changer - ok
12:28:04.0900 6100 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:28:04.0915 6100 CiSvc - ok
12:28:04.0946 6100 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:28:04.0946 6100 ClipSrv - ok
12:28:04.0978 6100 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:28:05.0025 6100 clr_optimization_v2.0.50727_32 - ok
12:28:05.0025 6100 CmdIde - ok
12:28:05.0040 6100 CnxTrUsb - ok
12:28:05.0040 6100 comhost - ok
12:28:05.0040 6100 COMSysApp - ok
12:28:05.0056 6100 Cpqarray - ok
12:28:05.0056 6100 cpqdfw - ok
12:28:05.0071 6100 cpqdmi - ok
12:28:05.0071 6100 cpucoolserver - ok
12:28:05.0087 6100 cqmghost - ok
12:28:05.0087 6100 crauto - ok
12:28:05.0103 6100 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:28:05.0103 6100 CryptSvc - ok
12:28:05.0103 6100 ctljystk - ok
12:28:05.0103 6100 cvslock - ok
12:28:05.0150 6100 cxbu0wdm (0284c94fc495d8d08df24c18994c1662) C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
12:28:05.0228 6100 cxbu0wdm - ok
12:28:05.0228 6100 dac2w2k - ok
12:28:05.0243 6100 dac960nt - ok
12:28:05.0243 6100 DCamUSBMke2 - ok
12:28:05.0290 6100 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:28:05.0290 6100 DcomLaunch - ok
12:28:05.0306 6100 dcpflics - ok
12:28:05.0306 6100 dcstor32 - ok
12:28:05.0306 6100 defwatch - ok
12:28:05.0353 6100 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:28:05.0353 6100 Dhcp - ok
12:28:05.0353 6100 dirms_defragmentation - ok
12:28:05.0400 6100 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:28:05.0400 6100 Disk - ok
12:28:05.0400 6100 diskeeper - ok
12:28:05.0415 6100 dlaudfam - ok
12:28:05.0415 6100 dmadmin - ok
12:28:05.0446 6100 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:28:05.0462 6100 dmboot - ok
12:28:05.0493 6100 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:28:05.0509 6100 dmio - ok
12:28:05.0509 6100 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:28:05.0509 6100 dmload - ok
12:28:05.0571 6100 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:28:05.0571 6100 dmserver - ok
12:28:05.0587 6100 DMUSBUSBDCam - ok
12:28:05.0603 6100 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:28:05.0618 6100 DMusic - ok
12:28:05.0650 6100 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:28:05.0681 6100 Dnscache - ok
12:28:05.0696 6100 dnserver32 - ok
12:28:05.0759 6100 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:28:05.0759 6100 Dot3svc - ok
12:28:05.0775 6100 dpti2o - ok
12:28:05.0775 6100 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:28:05.0775 6100 drmkaud - ok
12:28:05.0837 6100 DvmMDES (e5b95c75557120881076c45cd146d72c) C:\ASUS.SYS\config\DVMExportService.exe
12:28:05.0837 6100 DvmMDES - ok
12:28:05.0884 6100 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:28:05.0884 6100 EapHost - ok
12:28:05.0884 6100 edspport - ok
12:28:05.0900 6100 egathdrv - ok
12:28:05.0900 6100 ELmou - ok
12:28:05.0900 6100 eloggersvc6 - ok
12:28:05.0915 6100 elotouchscreen - ok
12:28:05.0931 6100 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:28:05.0931 6100 ERSvc - ok
12:28:05.0946 6100 ET5Drv - ok
12:28:05.0946 6100 EU3_USB - ok
12:28:05.0978 6100 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:28:05.0993 6100 Eventlog - ok
12:28:05.0993 6100 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
12:28:05.0993 6100 EventSystem - ok
12:28:06.0009 6100 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:28:06.0009 6100 Fastfat - ok
12:28:06.0056 6100 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:28:06.0087 6100 FastUserSwitchingCompatibility - ok
12:28:06.0103 6100 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:28:06.0103 6100 Fdc - ok
12:28:06.0103 6100 filechecker - ok
12:28:06.0118 6100 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:28:06.0118 6100 Fips - ok
12:28:06.0150 6100 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:28:06.0150 6100 Flpydisk - ok
12:28:06.0181 6100 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:28:06.0181 6100 FltMgr - ok
12:28:06.0306 6100 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:28:06.0321 6100 FontCache3.0.0.0 - ok
12:28:06.0337 6100 Freedom - ok
12:28:06.0353 6100 fshttps - ok
12:28:06.0353 6100 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:28:06.0353 6100 Fs_Rec - ok
12:28:06.0368 6100 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:28:06.0368 6100 Ftdisk - ok
12:28:06.0384 6100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:28:06.0384 6100 Gpc - ok
12:28:06.0462 6100 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:28:06.0509 6100 gupdate - ok
12:28:06.0556 6100 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
12:28:06.0634 6100 hamachi - ok
12:28:06.0728 6100 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
12:28:06.0728 6100 Hamachi2Svc - ok
12:28:06.0775 6100 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:28:06.0775 6100 HDAudBus - ok
12:28:06.0806 6100 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
12:28:06.0868 6100 HECI - ok
12:28:06.0915 6100 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:28:06.0915 6100 helpsvc - ok
12:28:06.0931 6100 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:28:06.0946 6100 HidServ - ok
12:28:06.0962 6100 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:28:06.0962 6100 hidusb - ok
12:28:07.0009 6100 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:28:07.0009 6100 hkmsvc - ok
12:28:07.0025 6100 HPFECP20 - ok
12:28:07.0025 6100 hpn - ok
12:28:07.0056 6100 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:28:07.0087 6100 HPZid412 - ok
12:28:07.0103 6100 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:28:07.0134 6100 HPZipr12 - ok
12:28:07.0134 6100 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:28:07.0165 6100 HPZius12 - ok
12:28:07.0212 6100 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:28:07.0212 6100 HTTP - ok
12:28:07.0275 6100 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:28:07.0275 6100 HTTPFilter - ok
12:28:07.0275 6100 i2omgmt - ok
12:28:07.0290 6100 i2omp - ok
12:28:07.0337 6100 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:28:07.0337 6100 i8042prt - ok
12:28:07.0353 6100 iaantmon - ok
12:28:07.0368 6100 iaimfp1 - ok
12:28:07.0368 6100 iaimfp2 - ok
12:28:07.0431 6100 ialm (bb7a533765e5578d22c388f2ec828ed6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:28:07.0493 6100 ialm - ok
12:28:07.0493 6100 ibmpmdrv - ok
12:28:07.0509 6100 ICM10USB - ok
12:28:07.0665 6100 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:28:07.0775 6100 IDriverT - ok
12:28:08.0118 6100 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:28:08.0275 6100 idsvc - ok
12:28:08.0275 6100 iftpsvc - ok
12:28:08.0290 6100 ikfileflt - ok
12:28:08.0290 6100 iksysflt - ok
12:28:08.0337 6100 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:28:08.0337 6100 Imapi - ok
12:28:08.0384 6100 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
12:28:08.0384 6100 ImapiService - ok
12:28:08.0400 6100 ini910u - ok
12:28:08.0509 6100 IntcAzAudAddService (0c71866e54627717596e58c255815768) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:28:08.0571 6100 IntcAzAudAddService - ok
12:28:08.0603 6100 IntcDAud (a58a567b601866bee62d8dda78e6e101) C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
12:28:08.0681 6100 IntcDAud - ok
12:28:08.0696 6100 IntelIde - ok
12:28:08.0728 6100 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:28:08.0728 6100 intelppm - ok
12:28:08.0743 6100 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:28:08.0743 6100 ip6fw - ok
12:28:08.0775 6100 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:28:08.0775 6100 IpFilterDriver - ok
12:28:08.0806 6100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:28:08.0821 6100 IpInIp - ok
12:28:08.0853 6100 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:28:08.0853 6100 IpNat - ok
12:28:08.0900 6100 IPSec (90a9305f8727ddb9d5ea8189b520e463) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:28:08.0900 6100 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 90a9305f8727ddb9d5ea8189b520e463, Fake md5: 23c74d75e36e7158768dd63d92789a91
12:28:08.0900 6100 IPSec ( Virus.Win32.ZAccess.k ) - infected
12:28:08.0900 6100 IPSec - detected Virus.Win32.ZAccess.k (0)
12:28:08.0900 6100 IPSECSHM - ok
12:28:08.0931 6100 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:28:08.0931 6100 IRENUM - ok
12:28:08.0946 6100 irmon - ok
12:28:08.0978 6100 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:28:08.0978 6100 isapnp - ok
12:28:08.0978 6100 issuser - ok
12:28:09.0071 6100 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
12:28:09.0118 6100 JavaQuickStarterService - ok
12:28:09.0118 6100 JGOGO - ok
12:28:09.0134 6100 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:28:09.0134 6100 Kbdclass - ok
12:28:09.0150 6100 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:28:09.0150 6100 kmixer - ok
12:28:09.0181 6100 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:28:09.0181 6100 KSecDD - ok
12:28:09.0196 6100 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:28:09.0228 6100 lanmanserver - ok
12:28:09.0259 6100 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:28:09.0259 6100 lanmanworkstation - ok
12:28:09.0275 6100 lbrtfdc - ok
12:28:09.0275 6100 lhidusb - ok
12:28:09.0321 6100 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:28:09.0321 6100 LmHosts - ok
12:28:09.0337 6100 lmimaint - ok
12:28:09.0337 6100 LMouKE - ok
12:28:09.0415 6100 LMS (d0e7ff91b52fe9fd2f9522b91f27cb09) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:28:09.0415 6100 LMS - ok
12:28:09.0446 6100 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
12:28:09.0525 6100 MBAMProtector - ok
12:28:09.0603 6100 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:28:09.0650 6100 MBAMService - ok
12:28:09.0743 6100 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
12:28:09.0806 6100 McMPFSvc - ok
12:28:09.0837 6100 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:28:09.0837 6100 mcmscsvc - ok
12:28:09.0837 6100 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:28:09.0837 6100 McNaiAnn - ok
12:28:09.0837 6100 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:28:09.0837 6100 McNASvc - ok
12:28:09.0915 6100 McODS (1d97a89e4c1917d7c7ac3a27a45ef87e) C:\Program Files\McAfee\VirusScan\mcods.exe
12:28:09.0962 6100 McODS - ok
12:28:09.0962 6100 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:28:09.0962 6100 McProxy - ok
12:28:10.0025 6100 McShield (16767b4cb7ae8f388e091717db34ff6c) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
12:28:10.0025 6100 McShield - ok
12:28:10.0134 6100 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:28:10.0134 6100 Messenger - ok
12:28:10.0150 6100 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys
12:28:10.0196 6100 mfeapfk - ok
12:28:10.0228 6100 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
12:28:10.0275 6100 mfeavfk - ok
12:28:10.0275 6100 mfeavfk01 - ok
12:28:10.0290 6100 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
12:28:10.0321 6100 mfebopk - ok
12:28:10.0400 6100 mfefire (3f17534b8867854113df2b45fff3acf5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
12:28:10.0400 6100 mfefire - ok
12:28:10.0415 6100 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys
12:28:10.0462 6100 mfefirek - ok
12:28:10.0525 6100 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
12:28:10.0603 6100 mfehidk - ok
12:28:10.0618 6100 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
12:28:10.0665 6100 mfendisk - ok
12:28:10.0681 6100 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
12:28:10.0681 6100 mfendiskmp - ok
12:28:10.0696 6100 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys
12:28:10.0743 6100 mferkdet - ok
12:28:10.0775 6100 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys
12:28:10.0806 6100 mfetdi2k - ok
12:28:10.0853 6100 mfevtp (ad52269897626d614b31e153f5c5d65c) C:\WINDOWS\system32\mfevtps.exe
12:28:10.0884 6100 mfevtp - ok
12:28:10.0900 6100 mhn - ok
12:28:10.0978 6100 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:28:11.0025 6100 Microsoft Office Groove Audit Service - ok
12:28:11.0056 6100 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:28:11.0056 6100 mnmdd - ok
12:28:11.0103 6100 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
12:28:11.0103 6100 mnmsrvc - ok
12:28:11.0118 6100 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:28:11.0118 6100 Modem - ok
12:28:11.0165 6100 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
12:28:11.0228 6100 Monfilt - ok
12:28:11.0243 6100 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:28:11.0259 6100 Mouclass - ok
12:28:11.0290 6100 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:28:11.0290 6100 mouhid - ok
12:28:11.0321 6100 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:28:11.0321 6100 MountMgr - ok
12:28:11.0321 6100 mraid35x - ok
12:28:11.0353 6100 MREMPR5 - ok
12:28:11.0368 6100 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:28:11.0368 6100 MRxDAV - ok
12:28:11.0384 6100 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:28:11.0462 6100 MRxSmb - ok
12:28:11.0509 6100 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
12:28:11.0509 6100 MSDTC - ok
12:28:11.0525 6100 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:28:11.0525 6100 Msfs - ok
12:28:11.0525 6100 MSIServer - ok
12:28:11.0556 6100 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:28:11.0556 6100 MSKSSRV - ok
12:28:11.0571 6100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:28:11.0571 6100 MSPCLOCK - ok
12:28:11.0587 6100 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:28:11.0587 6100 MSPQM - ok
12:28:11.0618 6100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:28:11.0618 6100 mssmbios - ok
12:28:11.0634 6100 mssql$sony_mediamgr - ok
12:28:11.0634 6100 mssqlserver - ok
12:28:11.0681 6100 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
12:28:11.0681 6100 MTsensor - ok
12:28:11.0696 6100 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:28:11.0743 6100 Mup - ok
12:28:11.0743 6100 mvwebserver - ok
12:28:11.0759 6100 mxserver - ok
12:28:11.0790 6100 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:28:11.0806 6100 napagent - ok
12:28:11.0821 6100 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:28:11.0837 6100 NDIS - ok
12:28:11.0837 6100 Ndisipo - ok
12:28:11.0884 6100 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:28:11.0915 6100 NdisTapi - ok
12:28:11.0946 6100 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:28:11.0946 6100 Ndisuio - ok
12:28:11.0946 6100 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:28:11.0962 6100 NdisWan - ok
12:28:12.0009 6100 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:28:12.0040 6100 NDProxy - ok
12:28:12.0040 6100 NeroMediaHomeService.4 - ok
12:28:12.0056 6100 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:28:12.0056 6100 NetBIOS - ok
12:28:12.0071 6100 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:28:12.0087 6100 NetBT - ok
12:28:12.0103 6100 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:28:12.0118 6100 NetDDE - ok
12:28:12.0118 6100 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:28:12.0118 6100 NetDDEdsdm - ok
12:28:12.0150 6100 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
12:28:12.0150 6100 Netlogon - ok
12:28:12.0165 6100 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:28:12.0165 6100 Netman - ok
12:28:12.0275 6100 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:28:12.0275 6100 NetTcpPortSharing - ok
12:28:12.0321 6100 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:28:12.0321 6100 Nla - ok
12:28:12.0321 6100 NMSAccessU - ok
12:28:12.0337 6100 NMSSvc - ok
12:28:12.0337 6100 nnsvc - ok
12:28:12.0400 6100 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:28:12.0400 6100 Npfs - ok
12:28:12.0431 6100 NSSvcMgr - ok
12:28:12.0462 6100 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:28:12.0478 6100 Ntfs - ok
12:28:12.0493 6100 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
12:28:12.0493 6100 NtLmSsp - ok
12:28:12.0540 6100 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:28:12.0540 6100 NtmsSvc - ok
12:28:12.0556 6100 NuidFltr - ok
12:28:12.0603 6100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:28:12.0603 6100 Null - ok
12:28:12.0806 6100 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:28:13.0087 6100 nv - ok
12:28:13.0150 6100 nvata - ok
12:28:13.0196 6100 NVHDA (1fda0adfd0dd666ecb1cbf8436f81805) C:\WINDOWS\system32\drivers\nvhda32.sys
12:28:13.0243 6100 NVHDA - ok
12:28:13.0321 6100 NVR0FLASHDev - ok
12:28:13.0665 6100 NVSvc (2e6ed9fe65a9b3ec606603ed0f33dd7d) C:\WINDOWS\system32\nvsvc32.exe
12:28:13.0696 6100 NVSvc - ok
12:28:13.0837 6100 nvUpdatusService (3c09cc7992a8adecd1fddfd5d8e69bae) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:28:13.0900 6100 nvUpdatusService - ok
12:28:13.0915 6100 NWHOST - ok
12:28:13.0962 6100 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:28:13.0962 6100 NwlnkFlt - ok
12:28:13.0962 6100 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:28:13.0978 6100 NwlnkFwd - ok
12:28:14.0071 6100 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:28:14.0134 6100 odserv - ok
12:28:14.0134 6100 ofcpfwsvc - ok
12:28:14.0150 6100 ohci1394 - ok
12:28:14.0150 6100 oraclemtsrecoveryservice - ok
12:28:14.0150 6100 oracleorahome90agent - ok
12:28:14.0165 6100 OracleOraHome92ClientCache - ok
12:28:14.0196 6100 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:28:14.0243 6100 ose - ok
12:28:14.0243 6100 parallel - ok
12:28:14.0290 6100 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:28:14.0290 6100 Parport - ok
12:28:14.0306 6100 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:28:14.0306 6100 PartMgr - ok
12:28:14.0337 6100 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:28:14.0337 6100 ParVdm - ok
12:28:14.0353 6100 pcctlcom - ok
12:28:14.0368 6100 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:28:14.0368 6100 PCI - ok
12:28:14.0384 6100 PCIDump - ok
12:28:14.0384 6100 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:28:14.0384 6100 PCIIde - ok
12:28:14.0400 6100 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:28:14.0415 6100 Pcmcia - ok
12:28:14.0446 6100 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
12:28:14.0446 6100 PCTBD - ok
12:28:14.0493 6100 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys
12:28:14.0493 6100 PCTCore - ok
12:28:14.0525 6100 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\WINDOWS\system32\drivers\pctDS.sys
12:28:14.0525 6100 pctDS - ok
12:28:14.0571 6100 pctEFA (653d8079cc000ec454789740a07b84a8) C:\WINDOWS\system32\drivers\pctEFA.sys
12:28:14.0571 6100 pctEFA - ok
12:28:14.0603 6100 pctgntdi (cee55a1df92cb30f87280b6a04aadce8) C:\WINDOWS\system32\drivers\pctgntdi.sys
12:28:14.0650 6100 pctgntdi - ok
12:28:14.0665 6100 pctplsg (061b86fd64a61ad187efc788d6c408b0) C:\WINDOWS\system32\drivers\pctplsg.sys
12:28:14.0665 6100 pctplsg - ok
12:28:14.0681 6100 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\WINDOWS\system32\Drivers\PCTSD.sys
12:28:14.0681 6100 PCTSD - ok
12:28:14.0681 6100 PDCOMP - ok
12:28:14.0696 6100 PDFRAME - ok
12:28:14.0696 6100 pdlnecfg - ok
12:28:14.0712 6100 PDRELI - ok
12:28:14.0712 6100 PDRFRAME - ok
12:28:14.0712 6100 perc2 - ok
12:28:14.0728 6100 perc2hib - ok
12:28:14.0759 6100 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:28:14.0759 6100 PlugPlay - ok
12:28:14.0790 6100 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe
12:28:14.0837 6100 Pml Driver HPZ12 - ok
12:28:14.0853 6100 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
12:28:14.0853 6100 PolicyAgent - ok
12:28:14.0884 6100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:28:14.0884 6100 PptpMiniport - ok
12:28:14.0900 6100 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:28:14.0900 6100 Processor - ok
12:28:14.0915 6100 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:14.0915 6100 ProtectedStorage - ok
12:28:14.0915 6100 psasrv - ok
12:28:14.0931 6100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:28:14.0931 6100 PSched - ok
12:28:14.0931 6100 PTDCBus - ok
12:28:14.0946 6100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:28:14.0946 6100 Ptilink - ok
12:28:14.0962 6100 purendis - ok
12:28:14.0962 6100 qfcoresvc - ok
12:28:14.0978 6100 ql1080 - ok
12:28:14.0978 6100 Ql10wnt - ok
12:28:14.0993 6100 ql12160 - ok
12:28:14.0993 6100 ql1240 - ok
12:28:15.0009 6100 ql1280 - ok
12:28:15.0009 6100 qserver - ok
12:28:15.0009 6100 racsvc - ok
12:28:15.0025 6100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:28:15.0040 6100 RasAcd - ok
12:28:15.0103 6100 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:28:15.0103 6100 RasAuto - ok
12:28:15.0118 6100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:28:15.0118 6100 Rasl2tp - ok
12:28:15.0134 6100 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:28:15.0134 6100 RasMan - ok
12:28:15.0150 6100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:28:15.0150 6100 RasPppoe - ok
12:28:15.0165 6100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:28:15.0165 6100 Raspti - ok
12:28:15.0181 6100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:28:15.0181 6100 Rdbss - ok
12:28:15.0196 6100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:28:15.0196 6100 RDPCDD - ok
12:28:15.0212 6100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:28:15.0212 6100 rdpdr - ok
12:28:15.0259 6100 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:28:15.0337 6100 RDPWD - ok
12:28:15.0353 6100 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:28:15.0368 6100 RDSessMgr - ok
12:28:15.0384 6100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:28:15.0400 6100 redbook - ok
12:28:15.0431 6100 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:28:15.0431 6100 RemoteAccess - ok
12:28:15.0478 6100 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:28:15.0478 6100 RemoteRegistry - ok
12:28:15.0478 6100 roxliveshare9 - ok
12:28:15.0509 6100 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
12:28:15.0509 6100 RpcLocator - ok
12:28:15.0540 6100 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:28:15.0556 6100 RpcSs - ok
12:28:15.0556 6100 RSAFAL - ok
12:28:15.0587 6100 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
12:28:15.0603 6100 RSVP - ok
12:28:15.0603 6100 rt73 - ok
12:28:15.0603 6100 RTL8169 - ok
12:28:15.0634 6100 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:28:15.0681 6100 RTLE8023xp - ok
12:28:15.0696 6100 rxmssync - ok
12:28:15.0696 6100 s116bus - ok
12:28:15.0696 6100 s116obex - ok
12:28:15.0712 6100 s116unic - ok
12:28:15.0712 6100 S3GIGP - ok
12:28:15.0728 6100 s616obex - ok
12:28:15.0759 6100 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:28:15.0759 6100 SamSs - ok
12:28:15.0775 6100 sansaservice - ok
12:28:15.0790 6100 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:28:15.0790 6100 SCardSvr - ok
12:28:15.0806 6100 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:28:15.0806 6100 Schedule - ok
12:28:15.0837 6100 SCR3XX2K (b590c6b740a85130e88d35d007691eb4) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys
12:28:15.0915 6100 SCR3XX2K - ok
12:28:15.0978 6100 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools Security\pctsAuxs.exe
12:28:16.0056 6100 sdAuxService - ok
12:28:16.0071 6100 sdbus - ok
12:28:16.0103 6100 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools Security\pctsSvc.exe
12:28:16.0103 6100 sdCoreService - ok
12:28:16.0103 6100 SE27bus - ok
12:28:16.0118 6100 se58mdm - ok
12:28:16.0134 6100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:28:16.0134 6100 Secdrv - ok
12:28:16.0165 6100 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:28:16.0165 6100 seclogon - ok
12:28:16.0181 6100 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:28:16.0181 6100 SENS - ok
12:28:16.0196 6100 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:28:16.0196 6100 serenum - ok
12:28:16.0196 6100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:28:16.0212 6100 Serial - ok
12:28:16.0212 6100 SetupNT - ok
12:28:16.0228 6100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:28:16.0228 6100 Sfloppy - ok
12:28:16.0275 6100 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:28:16.0290 6100 SharedAccess - ok
12:28:16.0290 6100 shdserv - ok
12:28:16.0337 6100 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:28:16.0337 6100 ShellHWDetection - ok
12:28:16.0353 6100 Simbad - ok
12:28:16.0353 6100 siside - ok
12:28:16.0368 6100 smrt - ok
12:28:16.0368 6100 softfax - ok
12:28:16.0384 6100 Sparrow - ok
12:28:16.0384 6100 spbbcsvc - ok
12:28:16.0400 6100 speedfan - ok
12:28:16.0431 6100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:28:16.0446 6100 splitter - ok
12:28:16.0478 6100 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:28:16.0525 6100 Spooler - ok
12:28:16.0525 6100 SprintRcAppSvc - ok
12:28:16.0556 6100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:28:16.0556 6100 sr - ok
12:28:16.0603 6100 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
12:28:16.0618 6100 srservice - ok
12:28:16.0665 6100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:28:16.0712 6100 Srv - ok
12:28:16.0759 6100 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:28:16.0759 6100 SSDPSRV - ok
12:28:16.0759 6100 ssoftservice - ok
12:28:16.0775 6100 sstpsvc - ok
12:28:16.0821 6100 Steam Client Service - ok
12:28:16.0837 6100 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:28:16.0837 6100 stisvc - ok
12:28:16.0868 6100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:28:16.0868 6100 swenum - ok
12:28:16.0915 6100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:28:16.0931 6100 swmidi - ok
12:28:16.0931 6100 SwPrv - ok
12:28:16.0931 6100 SWUMX20 - ok
12:28:16.0946 6100 symc810 - ok
12:28:16.0962 6100 symc8xx - ok
12:28:16.0962 6100 symsecureport - ok
12:28:16.0962 6100 sym_hi - ok
12:28:16.0978 6100 sym_u3 - ok
12:28:16.0993 6100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:28:16.0993 6100 sysaudio - ok
12:28:17.0025 6100 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:28:17.0025 6100 SysmonLog - ok
12:28:17.0056 6100 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:28:17.0056 6100 TapiSrv - ok
12:28:17.0103 6100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:28:17.0103 6100 Tcpip - ok
12:28:17.0118 6100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:28:17.0134 6100 TDPIPE - ok
12:28:17.0150 6100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:28:17.0150 6100 TDTCP - ok
12:28:17.0181 6100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:28:17.0181 6100 TermDD - ok
12:28:17.0196 6100 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:28:17.0212 6100 TermService - ok
12:28:17.0212 6100 TestHandler - ok
12:28:17.0259 6100 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\WINDOWS\system32\drivers\TfFsMon.sys
12:28:17.0306 6100 TfFsMon - ok
12:28:17.0306 6100 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\WINDOWS\system32\drivers\TfNetMon.sys
12:28:17.0384 6100 TfNetMon - ok
12:28:17.0415 6100 tfsndrct - ok
12:28:17.0431 6100 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\WINDOWS\system32\drivers\TfSysMon.sys
12:28:17.0431 6100 TFSysMon - ok
12:28:17.0478 6100 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:28:17.0478 6100 Themes - ok
12:28:17.0556 6100 ThreatFire - ok
12:28:17.0587 6100 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
12:28:17.0603 6100 TlntSvr - ok
12:28:17.0603 6100 tnidriver - ok
12:28:17.0618 6100 TosIde - ok
12:28:17.0618 6100 tosrfec - ok
12:28:17.0665 6100 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:28:17.0665 6100 TrkWks - ok
12:28:17.0681 6100 tvichw32 - ok
12:28:17.0681 6100 U2SP - ok
12:28:17.0728 6100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:28:17.0728 6100 Udfs - ok
12:28:17.0759 6100 ultra - ok
12:28:17.0775 6100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:28:17.0790 6100 Update - ok
12:28:17.0806 6100 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:28:17.0821 6100 upnphost - ok
12:28:17.0821 6100 upperdev - ok
12:28:17.0853 6100 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:28:17.0853 6100 UPS - ok
12:28:17.0884 6100 us30service - ok
12:28:17.0915 6100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:28:17.0931 6100 usbccgp - ok
12:28:17.0962 6100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:28:17.0962 6100 usbehci - ok
12:28:17.0993 6100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:28:18.0009 6100 usbhub - ok
12:28:18.0056 6100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:28:18.0056 6100 usbprint - ok
12:28:18.0103 6100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:28:18.0103 6100 usbscan - ok
12:28:18.0134 6100 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:28:18.0134 6100 usbstor - ok
12:28:18.0150 6100 usnsvc - ok
12:28:18.0150 6100 v2imount - ok
12:28:18.0165 6100 VAIOMediaPlatform-PhotoServer-HTTP - ok
12:28:18.0165 6100 vetfddnt - ok
12:28:18.0196 6100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:28:18.0196 6100 VgaSave - ok
12:28:18.0212 6100 ViaIde - ok
12:28:18.0212 6100 viaudio - ok
12:28:18.0228 6100 VirtualFD - ok
12:28:18.0228 6100 vmnetdhcp - ok
12:28:18.0228 6100 vncmirror - ok
12:28:18.0259 6100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:28:18.0259 6100 VolSnap - ok
12:28:18.0259 6100 vpcbus - ok
12:28:18.0306 6100 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:28:18.0306 6100 VSS - ok
12:28:18.0337 6100 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
12:28:18.0353 6100 W32Time - ok
12:28:18.0353 6100 w39n51 - ok
12:28:18.0353 6100 W700mdfl - ok
12:28:18.0368 6100 w800bus - ok
12:28:18.0384 6100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:28:18.0400 6100 Wanarp - ok
12:28:18.0431 6100 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
12:28:18.0493 6100 WDC_SAM - ok
12:28:18.0587 6100 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
12:28:18.0681 6100 WDDMService - ok
12:28:18.0759 6100 WDICA - ok
12:28:18.0775 6100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:28:18.0775 6100 wdmaud - ok
12:28:18.0790 6100 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
12:28:18.0837 6100 WDSmartWareBackgroundService - ok
12:28:18.0868 6100 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:28:18.0868 6100 WebClient - ok
12:28:18.0868 6100 websensepolicyserver - ok
12:28:18.0884 6100 websenseuserservice - ok
12:28:18.0884 6100 WIBUKEY - ok
12:28:18.0900 6100 win32sl - ok
12:28:18.0900 6100 windrvNT - ok
12:28:18.0915 6100 WINIO - ok
12:28:18.0946 6100 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:28:18.0962 6100 winmgmt - ok
12:28:18.0993 6100 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:28:18.0993 6100 WmdmPmSN - ok
12:28:19.0040 6100 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:28:19.0040 6100 Wmi - ok
12:28:19.0056 6100 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:28:19.0071 6100 WmiApSrv - ok
12:28:19.0150 6100 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:28:19.0165 6100 WMPNetworkSvc - ok
12:28:19.0181 6100 wpsdrvnt - ok
12:28:19.0212 6100 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:28:19.0212 6100 WS2IFSL - ok
12:28:19.0259 6100 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:28:19.0259 6100 wscsvc - ok
12:28:19.0275 6100 Wtcls2k - ok
12:28:19.0275 6100 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:28:19.0290 6100 wuauserv - ok
12:28:19.0321 6100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:28:19.0321 6100 WudfPf - ok
12:28:19.0384 6100 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:28:19.0400 6100 WudfRd - ok
12:28:19.0446 6100 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:28:19.0446 6100 WudfSvc - ok
12:28:19.0493 6100 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:28:19.0493 6100 WZCSVC - ok
12:28:19.0540 6100 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:28:19.0540 6100 xmlprov - ok
12:28:19.0540 6100 z525obex - ok
12:28:19.0556 6100 zebrceb - ok
12:28:19.0556 6100 ziptoa - ok
12:28:19.0571 6100 {6080a529-897e-4629-a488-aba0c29b635e} - ok
12:28:19.0587 6100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:28:19.0759 6100 \Device\Harddisk0\DR0 - ok
12:28:19.0759 6100 Boot (0x1200) (29308bf9cd62c6b903bf327837d16705) \Device\Harddisk0\DR0\Partition0
12:28:19.0759 6100 \Device\Harddisk0\DR0\Partition0 - ok
12:28:19.0759 6100 ============================================================
12:28:19.0759 6100 Scan finished
12:28:19.0759 6100 ============================================================
12:28:19.0759 5220 Detected object count: 1
12:28:19.0759 5220 Actual detected object count: 1
12:29:03.0478 5220 IPSec ( Virus.Win32.ZAccess.k ) - skipped by user
12:29:03.0478 5220 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Skip

#6
Larusso

Posted 08 April 2012 - 02:46 PM

Selecta Jahrusso

Experts
824 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Here it is

Execute TDSSKiller.exe and press Start Scan.

Ensure Cure is selected ( it should be by default )
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed
Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

#7
Teed55

Posted 09 April 2012 - 11:20 AM

New Member

Members
13 posts

Gender:Female

Daniel, I hope I did this process correctly... It was taking forever to load up Internet Explorer.

Here is the log from TDS:

11:22:57.0046 0844 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
11:22:59.0046 0844 ============================================================
11:22:59.0046 0844 Current date / time: 2012/04/09 11:22:59.0046
11:22:59.0046 0844 SystemInfo:
11:22:59.0046 0844
11:22:59.0046 0844 OS Version: 5.1.2600 ServicePack: 3.0
11:22:59.0046 0844 Product type: Workstation
11:22:59.0046 0844 ComputerName: DESKTOP-1
11:22:59.0046 0844 UserName: John & Wendy
11:22:59.0046 0844 Windows directory: C:\WINDOWS
11:22:59.0046 0844 System windows directory: C:\WINDOWS
11:22:59.0046 0844 Processor architecture: Intel x86
11:22:59.0046 0844 Number of processors: 4
11:22:59.0046 0844 Page size: 0x1000
11:22:59.0046 0844 Boot type: Normal boot
11:22:59.0046 0844 ============================================================
11:23:00.0546 0844 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:23:00.0578 0844 \Device\Harddisk0\DR0:
11:23:00.0578 0844 MBR used
11:23:00.0578 0844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
11:23:00.0593 0844 Initialize success
11:23:00.0593 0844 ============================================================
11:24:52.0171 3592 ============================================================
11:24:52.0171 3592 Scan started
11:24:52.0171 3592 Mode: Manual;
11:24:52.0171 3592 ============================================================
11:24:52.0562 3592 Abiosdsk - ok
11:24:52.0593 3592 abp480n5 - ok
11:24:52.0656 3592 ac.sharedstore (00659e56339389469473aec41587e706) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
11:24:52.0656 3592 ac.sharedstore - ok
11:24:52.0703 3592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:24:52.0703 3592 ACPI - ok
11:24:52.0750 3592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:24:52.0750 3592 ACPIEC - ok
11:24:52.0765 3592 acrsch2svc - ok
11:24:52.0843 3592 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:24:52.0906 3592 AdobeFlashPlayerUpdateSvc - ok
11:24:52.0906 3592 adpu160m - ok
11:24:52.0906 3592 adpu320 - ok
11:24:52.0937 3592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:24:52.0937 3592 aec - ok
11:24:52.0953 3592 Afc - ok
11:24:53.0000 3592 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:24:53.0031 3592 AFD - ok
11:24:53.0078 3592 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
11:24:53.0109 3592 AFS2K - ok
11:24:53.0125 3592 Aha154x - ok
11:24:53.0125 3592 aic78u2 - ok
11:24:53.0140 3592 aic78xx - ok
11:24:53.0140 3592 aksusb - ok
11:24:53.0140 3592 ALABULK - ok
11:24:53.0187 3592 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:24:53.0187 3592 Alerter - ok
11:24:53.0203 3592 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:24:53.0203 3592 ALG - ok
11:24:53.0218 3592 AliIde - ok
11:24:53.0218 3592 AlteraByteBlaster - ok
11:24:53.0281 3592 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:24:53.0343 3592 Ambfilt - ok
11:24:53.0359 3592 amsint - ok
11:24:53.0359 3592 amusbprt - ok
11:24:53.0359 3592 Angel2 - ok
11:24:53.0406 3592 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:24:53.0406 3592 AppMgmt - ok
11:24:53.0421 3592 AR5416 - ok
11:24:53.0421 3592 asc - ok
11:24:53.0437 3592 asc3350p - ok
11:24:53.0437 3592 asc3550 - ok
11:24:53.0453 3592 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys
11:24:53.0500 3592 AsIO - ok
11:24:53.0546 3592 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:24:53.0593 3592 aspnet_state - ok
11:24:53.0703 3592 AsSysCtrlService (954ffbff05b0b60eb63b52af561436c4) C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
11:24:53.0703 3592 AsSysCtrlService - ok
11:24:53.0703 3592 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
11:24:53.0750 3592 AsUpIO - ok
11:24:53.0796 3592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:24:53.0812 3592 AsyncMac - ok
11:24:53.0859 3592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:24:53.0859 3592 atapi - ok
11:24:53.0859 3592 Atdisk - ok
11:24:53.0875 3592 ati - ok
11:24:53.0906 3592 Ati HotKey Poller (a2eaeb497ca29ecaeaf0df66ad85c57d) C:\WINDOWS\system32\Ati2evxx.exe
11:24:53.0953 3592 Ati HotKey Poller - ok
11:24:53.0984 3592 ATI Smart (312a17dff710a0f4e6d4dd1d52ead1a8) C:\WINDOWS\system32\ati2sgag.exe
11:24:54.0093 3592 ATI Smart - ok
11:24:54.0171 3592 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:24:54.0234 3592 ati2mtag - ok
11:24:54.0250 3592 atitool - ok
11:24:54.0250 3592 ATKFUSService - ok
11:24:54.0296 3592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:24:54.0296 3592 Atmarpc - ok
11:24:54.0343 3592 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:24:54.0343 3592 AudioSrv - ok
11:24:54.0390 3592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:24:54.0390 3592 audstub - ok
11:24:54.0390 3592 autostore - ok
11:24:54.0406 3592 AVRec - ok
11:24:54.0406 3592 awecho - ok
11:24:54.0421 3592 bdfdll - ok
11:24:54.0453 3592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:24:54.0453 3592 Beep - ok
11:24:54.0453 3592 besclient - ok
11:24:54.0515 3592 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:24:54.0515 3592 BITS - ok
11:24:54.0531 3592 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:24:54.0531 3592 Browser - ok
11:24:54.0593 3592 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
11:24:54.0593 3592 Browser Defender Update Service - ok
11:24:54.0609 3592 btnetfilter - ok
11:24:54.0609 3592 BUFADPT - ok
11:24:54.0609 3592 cachemgr - ok
11:24:54.0625 3592 Cam5603C - ok
11:24:54.0625 3592 Cam5603D - ok
11:24:54.0656 3592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:24:54.0671 3592 cbidf2k - ok
11:24:54.0671 3592 ccflic0 - ok
11:24:54.0671 3592 cd20xrnt - ok
11:24:54.0687 3592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:24:54.0687 3592 Cdaudio - ok
11:24:54.0718 3592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:24:54.0718 3592 Cdfs - ok
11:24:54.0750 3592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:24:54.0765 3592 Cdrom - ok
11:24:54.0796 3592 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys
11:24:54.0843 3592 cfwids - ok
11:24:54.0843 3592 Changer - ok
11:24:54.0859 3592 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:24:54.0859 3592 CiSvc - ok
11:24:54.0875 3592 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:24:54.0875 3592 ClipSrv - ok
11:24:54.0921 3592 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:24:54.0953 3592 clr_optimization_v2.0.50727_32 - ok
11:24:54.0968 3592 CmdIde - ok
11:24:54.0968 3592 CnxTrUsb - ok
11:24:54.0968 3592 comhost - ok
11:24:54.0984 3592 COMSysApp - ok
11:24:54.0984 3592 Cpqarray - ok
11:24:55.0000 3592 cpqarry2 - ok
11:24:55.0000 3592 cpqdfw - ok
11:24:55.0000 3592 cpqdmi - ok
11:24:55.0015 3592 cpucoolserver - ok
11:24:55.0015 3592 cqmghost - ok
11:24:55.0015 3592 crauto - ok
11:24:55.0046 3592 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:24:55.0046 3592 CryptSvc - ok
11:24:55.0046 3592 ctljystk - ok
11:24:55.0062 3592 CTSBLFX.DLL - ok
11:24:55.0062 3592 cvslock - ok
11:24:55.0062 3592 cwafadmincontroller - ok
11:24:55.0109 3592 cxbu0wdm (0284c94fc495d8d08df24c18994c1662) C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
11:24:55.0187 3592 cxbu0wdm - ok
11:24:55.0187 3592 dac2w2k - ok
11:24:55.0203 3592 dac960nt - ok
11:24:55.0203 3592 DCamUSBGrandTek - ok
11:24:55.0218 3592 DCamUSBMke2 - ok
11:24:55.0218 3592 DCamUSBSQTECH - ok
11:24:55.0265 3592 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:24:55.0281 3592 DcomLaunch - ok
11:24:55.0281 3592 dcpflics - ok
11:24:55.0281 3592 dcstor32 - ok
11:24:55.0296 3592 defwatch - ok
11:24:55.0343 3592 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:24:55.0343 3592 Dhcp - ok
11:24:55.0343 3592 dirms_defragmentation - ok
11:24:55.0390 3592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:24:55.0390 3592 Disk - ok
11:24:55.0390 3592 diskeeper - ok
11:24:55.0406 3592 dlaudfam - ok
11:24:55.0406 3592 dmadmin - ok
11:24:55.0437 3592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:24:55.0453 3592 dmboot - ok
11:24:55.0468 3592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:24:55.0468 3592 dmio - ok
11:24:55.0484 3592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:24:55.0484 3592 dmload - ok
11:24:55.0531 3592 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:24:55.0531 3592 dmserver - ok
11:24:55.0531 3592 DMUSBUSBDCam - ok
11:24:55.0562 3592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:24:55.0578 3592 DMusic - ok
11:24:55.0640 3592 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:24:55.0671 3592 Dnscache - ok
11:24:55.0687 3592 dnserver32 - ok
11:24:55.0750 3592 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:24:55.0750 3592 Dot3svc - ok
11:24:55.0781 3592 dpti2o - ok
11:24:55.0796 3592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:24:55.0796 3592 drmkaud - ok
11:24:55.0859 3592 DvmMDES (e5b95c75557120881076c45cd146d72c) C:\ASUS.SYS\config\DVMExportService.exe
11:24:55.0859 3592 DvmMDES - ok
11:24:55.0859 3592 dwmrcs - ok
11:24:55.0890 3592 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:24:55.0890 3592 EapHost - ok
11:24:55.0890 3592 edspport - ok
11:24:55.0906 3592 egathdrv - ok
11:24:55.0906 3592 ELmou - ok
11:24:55.0921 3592 eloggersvc6 - ok
11:24:55.0921 3592 elotouchscreen - ok
11:24:55.0937 3592 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:24:55.0937 3592 ERSvc - ok
11:24:55.0953 3592 ET5Drv - ok
11:24:55.0953 3592 EU3_USB - ok
11:24:55.0984 3592 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:24:56.0000 3592 Eventlog - ok
11:24:56.0000 3592 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
11:24:56.0000 3592 EventSystem - ok
11:24:56.0015 3592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:24:56.0031 3592 Fastfat - ok
11:24:56.0031 3592 fasttrackinstallerservice - ok
11:24:56.0078 3592 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:24:56.0109 3592 FastUserSwitchingCompatibility - ok
11:24:56.0125 3592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:24:56.0140 3592 Fdc - ok
11:24:56.0140 3592 fgdxbus - ok
11:24:56.0140 3592 filechecker - ok
11:24:56.0156 3592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:24:56.0171 3592 Fips - ok
11:24:56.0171 3592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:24:56.0171 3592 Flpydisk - ok
11:24:56.0218 3592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:24:56.0234 3592 FltMgr - ok
11:24:56.0328 3592 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:24:56.0343 3592 FontCache3.0.0.0 - ok
11:24:56.0343 3592 Freedom - ok
11:24:56.0359 3592 fshttps - ok
11:24:56.0359 3592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:24:56.0359 3592 Fs_Rec - ok
11:24:56.0375 3592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:24:56.0375 3592 Ftdisk - ok
11:24:56.0390 3592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:24:56.0390 3592 Gpc - ok
11:24:56.0500 3592 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:24:56.0500 3592 gupdate - ok
11:24:56.0546 3592 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
11:24:56.0625 3592 hamachi - ok
11:24:56.0703 3592 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
11:24:56.0703 3592 Hamachi2Svc - ok
11:24:56.0765 3592 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:24:56.0781 3592 HDAudBus - ok
11:24:56.0796 3592 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
11:24:56.0875 3592 HECI - ok
11:24:56.0906 3592 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:24:56.0906 3592 helpsvc - ok
11:24:56.0921 3592 HFACSVC - ok
11:24:56.0937 3592 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
11:24:56.0937 3592 HidServ - ok
11:24:56.0968 3592 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:24:56.0968 3592 hidusb - ok
11:24:57.0000 3592 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:24:57.0015 3592 hkmsvc - ok
11:24:57.0015 3592 hpdskflt - ok
11:24:57.0031 3592 HPFECP20 - ok
11:24:57.0031 3592 hpn - ok
11:24:57.0062 3592 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:24:57.0093 3592 HPZid412 - ok
11:24:57.0109 3592 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:24:57.0140 3592 HPZipr12 - ok
11:24:57.0203 3592 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:24:57.0234 3592 HPZius12 - ok
11:24:57.0281 3592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:24:57.0281 3592 HTTP - ok
11:24:57.0296 3592 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:24:57.0296 3592 HTTPFilter - ok
11:24:57.0296 3592 i2omgmt - ok
11:24:57.0312 3592 i2omp - ok
11:24:57.0343 3592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:24:57.0359 3592 i8042prt - ok
11:24:57.0359 3592 iaantmon - ok
11:24:57.0359 3592 iaimfp1 - ok
11:24:57.0375 3592 iaimfp2 - ok
11:24:57.0437 3592 ialm (bb7a533765e5578d22c388f2ec828ed6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:24:57.0484 3592 ialm - ok
11:24:57.0500 3592 ibmpmdrv - ok
11:24:57.0500 3592 icm10blk - ok
11:24:57.0531 3592 ICM10USB - ok
11:24:57.0546 3592 idechndr - ok
11:24:57.0671 3592 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:24:57.0718 3592 IDriverT - ok
11:24:57.0859 3592 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:24:57.0921 3592 idsvc - ok
11:24:57.0937 3592 iftpsvc - ok
11:24:57.0953 3592 ikfileflt - ok
11:24:57.0953 3592 iksysflt - ok
11:24:58.0000 3592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:24:58.0000 3592 Imapi - ok
11:24:58.0046 3592 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
11:24:58.0046 3592 ImapiService - ok
11:24:58.0062 3592 ini910u - ok
11:24:58.0171 3592 IntcAzAudAddService (0c71866e54627717596e58c255815768) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:24:58.0218 3592 IntcAzAudAddService - ok
11:24:58.0265 3592 IntcDAud (a58a567b601866bee62d8dda78e6e101) C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
11:24:58.0343 3592 IntcDAud - ok
11:24:58.0359 3592 IntelIde - ok
11:24:58.0375 3592 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:24:58.0375 3592 intelppm - ok
11:24:58.0390 3592 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:24:58.0406 3592 ip6fw - ok
11:24:58.0421 3592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:24:58.0437 3592 IpFilterDriver - ok
11:24:58.0468 3592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:24:58.0468 3592 IpInIp - ok
11:24:58.0484 3592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:24:58.0500 3592 IpNat - ok
11:24:58.0515 3592 IPSec (90a9305f8727ddb9d5ea8189b520e463) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:24:58.0515 3592 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 90a9305f8727ddb9d5ea8189b520e463, Fake md5: 23c74d75e36e7158768dd63d92789a91
11:24:58.0515 3592 IPSec ( Virus.Win32.ZAccess.k ) - infected
11:24:58.0515 3592 IPSec - detected Virus.Win32.ZAccess.k (0)
11:24:58.0515 3592 IPSECSHM - ok
11:24:58.0562 3592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:24:58.0562 3592 IRENUM - ok
11:24:58.0562 3592 irmon - ok
11:24:58.0609 3592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:24:58.0656 3592 isapnp - ok
11:24:58.0750 3592 issuser - ok
11:24:58.0921 3592 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
11:24:58.0921 3592 JavaQuickStarterService - ok
11:24:58.0968 3592 JGOGO - ok
11:24:59.0000 3592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:24:59.0000 3592 Kbdclass - ok
11:24:59.0015 3592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:24:59.0015 3592 kmixer - ok
11:24:59.0046 3592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:24:59.0046 3592 KSecDD - ok
11:24:59.0062 3592 l8042pr2 - ok
11:24:59.0093 3592 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:24:59.0125 3592 lanmanserver - ok
11:24:59.0156 3592 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:24:59.0156 3592 lanmanworkstation - ok
11:24:59.0171 3592 lbrtfdc - ok
11:24:59.0171 3592 lhidusb - ok
11:24:59.0187 3592 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:24:59.0187 3592 LmHosts - ok
11:24:59.0203 3592 lmimaint - ok
11:24:59.0203 3592 LMouKE - ok
11:24:59.0265 3592 LMS (d0e7ff91b52fe9fd2f9522b91f27cb09) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:24:59.0265 3592 LMS - ok
11:24:59.0281 3592 lockmgr - ok
11:24:59.0281 3592 ltck000c - ok
11:24:59.0296 3592 lvselsus - ok
11:24:59.0296 3592 lwwlicenseservice - ok
11:24:59.0328 3592 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:24:59.0406 3592 MBAMProtector - ok
11:24:59.0453 3592 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:24:59.0453 3592 MBAMService - ok
11:24:59.0515 3592 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
11:24:59.0515 3592 McMPFSvc - ok
11:24:59.0531 3592 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:24:59.0531 3592 mcmscsvc - ok
11:24:59.0531 3592 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:24:59.0531 3592 McNaiAnn - ok
11:24:59.0546 3592 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:24:59.0546 3592 McNASvc - ok
11:24:59.0578 3592 McODS (1d97a89e4c1917d7c7ac3a27a45ef87e) C:\Program Files\McAfee\VirusScan\mcods.exe
11:24:59.0625 3592 McODS - ok
11:24:59.0640 3592 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:24:59.0640 3592 McProxy - ok
11:24:59.0671 3592 McShield (16767b4cb7ae8f388e091717db34ff6c) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
11:24:59.0671 3592 McShield - ok
11:24:59.0765 3592 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:24:59.0765 3592 Messenger - ok
11:24:59.0781 3592 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys
11:24:59.0828 3592 mfeapfk - ok
11:24:59.0890 3592 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
11:24:59.0921 3592 mfeavfk - ok
11:24:59.0937 3592 mfeavfk01 - ok
11:24:59.0968 3592 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
11:25:00.0000 3592 mfebopk - ok
11:25:00.0046 3592 mfefire (3f17534b8867854113df2b45fff3acf5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
11:25:00.0046 3592 mfefire - ok
11:25:00.0078 3592 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys
11:25:00.0125 3592 mfefirek - ok
11:25:00.0140 3592 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
11:25:00.0234 3592 mfehidk - ok
11:25:00.0250 3592 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
11:25:00.0296 3592 mfendisk - ok
11:25:00.0296 3592 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
11:25:00.0296 3592 mfendiskmp - ok
11:25:00.0328 3592 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys
11:25:00.0359 3592 mferkdet - ok
11:25:00.0390 3592 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys
11:25:00.0437 3592 mfetdi2k - ok
11:25:00.0484 3592 mfevtp (ad52269897626d614b31e153f5c5d65c) C:\WINDOWS\system32\mfevtps.exe
11:25:00.0484 3592 mfevtp - ok
11:25:00.0484 3592 mhn - ok
11:25:00.0593 3592 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
11:25:00.0640 3592 Microsoft Office Groove Audit Service - ok
11:25:00.0671 3592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:25:00.0671 3592 mnmdd - ok
11:25:00.0703 3592 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
11:25:00.0703 3592 mnmsrvc - ok
11:25:00.0718 3592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:25:00.0734 3592 Modem - ok
11:25:00.0765 3592 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:25:00.0828 3592 Monfilt - ok
11:25:00.0843 3592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:25:00.0859 3592 Mouclass - ok
11:25:00.0890 3592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:25:00.0906 3592 mouhid - ok
11:25:00.0921 3592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:25:00.0921 3592 MountMgr - ok
11:25:00.0921 3592 mraid35x - ok
11:25:00.0953 3592 MREMPR5 - ok
11:25:00.0968 3592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:25:00.0968 3592 MRxDAV - ok
11:25:01.0000 3592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:25:01.0078 3592 MRxSmb - ok
11:25:01.0078 3592 mscsptisrv - ok
11:25:01.0125 3592 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
11:25:01.0125 3592 MSDTC - ok
11:25:01.0140 3592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:25:01.0140 3592 Msfs - ok
11:25:01.0140 3592 MSIServer - ok
11:25:01.0171 3592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:25:01.0171 3592 MSKSSRV - ok
11:25:01.0187 3592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:25:01.0187 3592 MSPCLOCK - ok
11:25:01.0203 3592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:25:01.0203 3592 MSPQM - ok
11:25:01.0234 3592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:25:01.0234 3592 mssmbios - ok
11:25:01.0250 3592 mssql$sony_mediamgr - ok
11:25:01.0250 3592 mssqlserver - ok
11:25:01.0281 3592 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
11:25:01.0296 3592 MTsensor - ok
11:25:01.0312 3592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:25:01.0343 3592 Mup - ok
11:25:01.0359 3592 mvwebserver - ok
11:25:01.0359 3592 mxserver - ok
11:25:01.0390 3592 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:25:01.0406 3592 napagent - ok
11:25:01.0437 3592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:25:01.0437 3592 NDIS - ok
11:25:01.0453 3592 Ndisipo - ok
11:25:01.0468 3592 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:25:01.0515 3592 NdisTapi - ok
11:25:01.0531 3592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:25:01.0546 3592 Ndisuio - ok
11:25:01.0546 3592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:25:01.0562 3592 NdisWan - ok
11:25:01.0609 3592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:25:01.0640 3592 NDProxy - ok
11:25:01.0656 3592 NeroMediaHomeService.4 - ok
11:25:01.0656 3592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:25:01.0671 3592 NetBIOS - ok
11:25:01.0687 3592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:25:01.0703 3592 NetBT - ok
11:25:01.0734 3592 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:25:01.0734 3592 NetDDE - ok
11:25:01.0734 3592 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:25:01.0734 3592 NetDDEdsdm - ok
11:25:01.0765 3592 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
11:25:01.0765 3592 Netlogon - ok
11:25:01.0781 3592 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:25:01.0796 3592 Netman - ok
11:25:01.0921 3592 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:25:01.0921 3592 NetTcpPortSharing - ok
11:25:01.0984 3592 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:25:01.0984 3592 Nla - ok
11:25:02.0000 3592 NMSAccessU - ok
11:25:02.0000 3592 NMSSvc - ok
11:25:02.0015 3592 nnsvc - ok
11:25:02.0046 3592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:25:02.0046 3592 Npfs - ok
11:25:02.0062 3592 NSSvcMgr - ok
11:25:02.0078 3592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:25:02.0078 3592 Ntfs - ok
11:25:02.0109 3592 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
11:25:02.0125 3592 NtLmSsp - ok
11:25:02.0140 3592 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:25:02.0140 3592 NtmsSvc - ok
11:25:02.0156 3592 NuidFltr - ok
11:25:02.0171 3592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:25:02.0171 3592 Null - ok
11:25:02.0390 3592 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:25:02.0468 3592 nv - ok
11:25:02.0500 3592 nvata - ok
11:25:02.0562 3592 NVHDA (1fda0adfd0dd666ecb1cbf8436f81805) C:\WINDOWS\system32\drivers\nvhda32.sys
11:25:02.0593 3592 NVHDA - ok
11:25:02.0609 3592 NVR0FLASHDev - ok
11:25:02.0640 3592 NVSvc (2e6ed9fe65a9b3ec606603ed0f33dd7d) C:\WINDOWS\system32\nvsvc32.exe
11:25:02.0640 3592 NVSvc - ok
11:25:02.0750 3592 nvUpdatusService (3c09cc7992a8adecd1fddfd5d8e69bae) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:25:02.0750 3592 nvUpdatusService - ok
11:25:02.0765 3592 NWHOST - ok
11:25:02.0796 3592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:25:02.0796 3592 NwlnkFlt - ok
11:25:02.0812 3592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:25:02.0812 3592 NwlnkFwd - ok
11:25:02.0906 3592 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:25:02.0968 3592 odserv - ok
11:25:02.0968 3592 ofcpfwsvc - ok
11:25:02.0968 3592 ohci1394 - ok
11:25:02.0984 3592 oraclemtsrecoveryservice - ok
11:25:03.0000 3592 oracleorahome90agent - ok
11:25:03.0000 3592 OracleOraHome92ClientCache - ok
11:25:03.0015 3592 oracleorahometnslistener - ok
11:25:03.0062 3592 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:25:03.0093 3592 ose - ok
11:25:03.0109 3592 owstimer - ok
11:25:03.0109 3592 parallel - ok
11:25:03.0156 3592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:25:03.0156 3592 Parport - ok
11:25:03.0156 3592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:25:03.0171 3592 PartMgr - ok
11:25:03.0187 3592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:25:03.0187 3592 ParVdm - ok
11:25:03.0203 3592 pcctlcom - ok
11:25:03.0218 3592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:25:03.0218 3592 PCI - ok
11:25:03.0234 3592 PCIDump - ok
11:25:03.0250 3592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:25:03.0250 3592 PCIIde - ok
11:25:03.0265 3592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:25:03.0265 3592 Pcmcia - ok
11:25:03.0312 3592 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
11:25:03.0375 3592 PCTBD - ok
11:25:03.0437 3592 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys
11:25:03.0515 3592 PCTCore - ok
11:25:03.0562 3592 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\WINDOWS\system32\drivers\pctDS.sys
11:25:03.0609 3592 pctDS - ok
11:25:03.0640 3592 pctEFA (653d8079cc000ec454789740a07b84a8) C:\WINDOWS\system32\drivers\pctEFA.sys
11:25:03.0734 3592 pctEFA - ok
11:25:03.0796 3592 pctgntdi (cee55a1df92cb30f87280b6a04aadce8) C:\WINDOWS\system32\drivers\pctgntdi.sys
11:25:03.0859 3592 pctgntdi - ok
11:25:03.0890 3592 pctplsg (061b86fd64a61ad187efc788d6c408b0) C:\WINDOWS\system32\drivers\pctplsg.sys
11:25:03.0968 3592 pctplsg - ok
11:25:04.0093 3592 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\WINDOWS\system32\Drivers\PCTSD.sys
11:25:04.0171 3592 PCTSD - ok
11:25:04.0171 3592 PDCOMP - ok
11:25:04.0187 3592 PDFRAME - ok
11:25:04.0187 3592 pdlnecfg - ok
11:25:04.0203 3592 PDRELI - ok
11:25:04.0203 3592 PDRFRAME - ok
11:25:04.0218 3592 perc2 - ok
11:25:04.0218 3592 perc2hib - ok
11:25:04.0234 3592 pfmodnt - ok
11:25:04.0265 3592 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:25:04.0265 3592 PlugPlay - ok
11:25:04.0296 3592 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe
11:25:04.0312 3592 Pml Driver HPZ12 - ok
11:25:04.0328 3592 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
11:25:04.0328 3592 PolicyAgent - ok
11:25:04.0359 3592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:25:04.0359 3592 PptpMiniport - ok
11:25:04.0375 3592 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:25:04.0375 3592 Processor - ok
11:25:04.0375 3592 ProcObsrv - ok
11:25:04.0390 3592 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:25:04.0390 3592 ProtectedStorage - ok
11:25:04.0390 3592 psasrv - ok
11:25:04.0406 3592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:25:04.0406 3592 PSched - ok
11:25:04.0406 3592 PTDCBus - ok
11:25:04.0421 3592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:25:04.0421 3592 Ptilink - ok
11:25:04.0453 3592 purendis - ok
11:25:04.0468 3592 qfcoresvc - ok
11:25:04.0468 3592 ql1080 - ok
11:25:04.0484 3592 Ql10wnt - ok
11:25:04.0484 3592 ql12160 - ok
11:25:04.0484 3592 ql1240 - ok
11:25:04.0500 3592 ql1280 - ok
11:25:04.0500 3592 qserver - ok
11:25:04.0515 3592 racsvc - ok
11:25:04.0515 3592 rampartsvc - ok
11:25:04.0531 3592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:25:04.0531 3592 RasAcd - ok
11:25:04.0562 3592 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:25:04.0578 3592 RasAuto - ok
11:25:04.0593 3592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:25:04.0593 3592 Rasl2tp - ok
11:25:04.0625 3592 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:25:04.0625 3592 RasMan - ok
11:25:04.0640 3592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:25:04.0640 3592 RasPppoe - ok
11:25:04.0671 3592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:25:04.0671 3592 Raspti - ok
11:25:04.0703 3592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:25:04.0703 3592 Rdbss - ok
11:25:04.0718 3592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:25:04.0734 3592 RDPCDD - ok
11:25:04.0750 3592 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:25:04.0750 3592 rdpdr - ok
11:25:04.0812 3592 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:25:04.0890 3592 RDPWD - ok
11:25:04.0937 3592 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:25:04.0937 3592 RDSessMgr - ok
11:25:04.0968 3592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:25:04.0968 3592 redbook - ok
11:25:05.0031 3592 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:25:05.0031 3592 RemoteAccess - ok
11:25:05.0046 3592 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:25:05.0062 3592 RemoteRegistry - ok
11:25:05.0062 3592 ROOTUSB - ok
11:25:05.0062 3592 roxliveshare9 - ok
11:25:05.0093 3592 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
11:25:05.0093 3592 RpcLocator - ok
11:25:05.0140 3592 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:25:05.0140 3592 RpcSs - ok
11:25:05.0140 3592 RSAFAL - ok
11:25:05.0171 3592 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
11:25:05.0187 3592 RSVP - ok
11:25:05.0187 3592 rt73 - ok
11:25:05.0187 3592 RTL8169 - ok
11:25:05.0250 3592 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:25:05.0281 3592 RTLE8023xp - ok
11:25:05.0296 3592 RTSTOR - ok
11:25:05.0328 3592 rxmssync - ok
11:25:05.0328 3592 s116bus - ok
11:25:05.0328 3592 s116obex - ok
11:25:05.0343 3592 s116unic - ok
11:25:05.0343 3592 s125mdm - ok
11:25:05.0359 3592 S3GIGP - ok
11:25:05.0359 3592 s616obex - ok
11:25:05.0406 3592 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:25:05.0406 3592 SamSs - ok
11:25:05.0406 3592 sansaservice - ok
11:25:05.0421 3592 sbhooksvc - ok
11:25:05.0453 3592 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:25:05.0453 3592 SCardSvr - ok
11:25:05.0500 3592 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:25:05.0515 3592 Schedule - ok
11:25:05.0546 3592 SCR3XX2K (b590c6b740a85130e88d35d007691eb4) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys
11:25:05.0609 3592 SCR3XX2K - ok
11:25:05.0718 3592 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools Security\pctsAuxs.exe
11:25:05.0718 3592 sdAuxService - ok
11:25:05.0718 3592 sdbus - ok
11:25:05.0734 3592 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools Security\pctsSvc.exe
11:25:05.0734 3592 sdCoreService - ok
11:25:05.0750 3592 SE27bus - ok
11:25:05.0750 3592 SE2Cmgmt - ok
11:25:05.0765 3592 se58mdm - ok
11:25:05.0796 3592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:25:05.0796 3592 Secdrv - ok
11:25:05.0812 3592 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:25:05.0812 3592 seclogon - ok
11:25:05.0812 3592 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:25:05.0828 3592 SENS - ok
11:25:05.0843 3592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:25:05.0843 3592 serenum - ok
11:25:05.0859 3592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:25:05.0859 3592 Serial - ok
11:25:05.0890 3592 SetupNT - ok
11:25:05.0921 3592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:25:05.0921 3592 Sfloppy - ok
11:25:05.0921 3592 sglfb - ok
11:25:05.0968 3592 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:25:05.0984 3592 SharedAccess - ok
11:25:05.0984 3592 shdserv - ok
11:25:06.0031 3592 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:25:06.0031 3592 ShellHWDetection - ok
11:25:06.0046 3592 Simbad - ok
11:25:06.0046 3592 siside - ok
11:25:06.0046 3592 smrt - ok
11:25:06.0062 3592 softfax - ok
11:25:06.0062 3592 Sparrow - ok
11:25:06.0078 3592 spbbcsvc - ok
11:25:06.0078 3592 speedfan - ok
11:25:06.0125 3592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:25:06.0125 3592 splitter - ok
11:25:06.0171 3592 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:25:06.0203 3592 Spooler - ok
11:25:06.0218 3592 SprintRcAppSvc - ok
11:25:06.0218 3592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:25:06.0234 3592 sr - ok
11:25:06.0250 3592 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
11:25:06.0250 3592 srservice - ok
11:25:06.0296 3592 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:25:06.0343 3592 Srv - ok
11:25:06.0343 3592 SrvcEKIOMngr - ok
11:25:06.0359 3592 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:25:06.0359 3592 SSDPSRV - ok
11:25:06.0390 3592 ssoftservice - ok
11:25:06.0406 3592 sstpsvc - ok
11:25:06.0468 3592 Steam Client Service - ok
11:25:06.0484 3592 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:25:06.0484 3592 stisvc - ok
11:25:06.0484 3592 stylexphelper - ok
11:25:06.0515 3592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:25:06.0515 3592 swenum - ok
11:25:06.0578 3592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:25:06.0578 3592 swmidi - ok
11:25:06.0578 3592 SWMX00 - ok
11:25:06.0593 3592 SwPrv - ok
11:25:06.0593 3592 SWUMX20 - ok
11:25:06.0609 3592 symc810 - ok
11:25:06.0609 3592 symc8xx - ok
11:25:06.0625 3592 symsecureport - ok
11:25:06.0625 3592 sym_hi - ok
11:25:06.0640 3592 sym_u3 - ok
11:25:06.0671 3592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:25:06.0671 3592 sysaudio - ok
11:25:06.0718 3592 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:25:06.0718 3592 SysmonLog - ok
11:25:06.0765 3592 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:25:06.0765 3592 TapiSrv - ok
11:25:06.0812 3592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:25:06.0812 3592 Tcpip - ok
11:25:06.0859 3592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:25:06.0859 3592 TDPIPE - ok
11:25:06.0875 3592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:25:06.0875 3592 TDTCP - ok
11:25:06.0906 3592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:25:06.0906 3592 TermDD - ok
11:25:06.0921 3592 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:25:06.0937 3592 TermService - ok
11:25:06.0937 3592 TestHandler - ok
11:25:06.0984 3592 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\WINDOWS\system32\drivers\TfFsMon.sys
11:25:07.0015 3592 TfFsMon - ok
11:25:07.0046 3592 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\WINDOWS\system32\drivers\TfNetMon.sys
11:25:07.0125 3592 TfNetMon - ok
11:25:07.0140 3592 tfsndrct - ok
11:25:07.0156 3592 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\WINDOWS\system32\drivers\TfSysMon.sys
11:25:07.0234 3592 TFSysMon - ok
11:25:07.0281 3592 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:25:07.0296 3592 Themes - ok
11:25:07.0375 3592 ThreatFire - ok
11:25:07.0406 3592 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
11:25:07.0406 3592 TlntSvr - ok
11:25:07.0421 3592 tnidriver - ok
11:25:07.0421 3592 TosIde - ok
11:25:07.0421 3592 tosrfec - ok
11:25:07.0468 3592 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:25:07.0468 3592 TrkWks - ok
11:25:07.0468 3592 tunnelguardservice - ok
11:25:07.0484 3592 U2SP - ok
11:25:07.0484 3592 U81xbus - ok
11:25:07.0515 3592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:25:07.0515 3592 Udfs - ok
11:25:07.0531 3592 ultra - ok
11:25:07.0578 3592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:25:07.0578 3592 Update - ok
11:25:07.0593 3592 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:25:07.0593 3592 upnphost - ok
11:25:07.0609 3592 upperdev - ok
11:25:07.0625 3592 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:25:07.0640 3592 UPS - ok
11:25:07.0640 3592 us30service - ok
11:25:07.0687 3592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:25:07.0687 3592 usbccgp - ok
11:25:07.0734 3592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:25:07.0734 3592 usbehci - ok
11:25:07.0765 3592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:25:07.0765 3592 usbhub - ok
11:25:07.0796 3592 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:25:07.0796 3592 usbprint - ok
11:25:07.0843 3592 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:25:07.0843 3592 usbscan - ok
11:25:07.0875 3592 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:25:07.0875 3592 usbstor - ok
11:25:07.0875 3592 usnsvc - ok
11:25:07.0890 3592 v2imount - ok
11:25:07.0890 3592 VAIOMediaPlatform-PhotoServer-HTTP - ok
11:25:07.0890 3592 vetfddnt - ok
11:25:07.0921 3592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:25:07.0921 3592 VgaSave - ok
11:25:07.0921 3592 ViaIde - ok
11:25:07.0937 3592 viaudio - ok
11:25:07.0937 3592 VirtualFD - ok
11:25:07.0953 3592 vmnetdhcp - ok
11:25:07.0953 3592 vncmirror - ok
11:25:07.0968 3592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:25:07.0968 3592 VolSnap - ok
11:25:07.0984 3592 vpcbus - ok
11:25:08.0015 3592 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:25:08.0031 3592 VSS - ok
11:25:08.0062 3592 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
11:25:08.0062 3592 W32Time - ok
11:25:08.0078 3592 w39n51 - ok
11:25:08.0078 3592 W700mdfl - ok
11:25:08.0093 3592 w800bus - ok
11:25:08.0093 3592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:25:08.0093 3592 Wanarp - ok
11:25:08.0140 3592 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
11:25:08.0203 3592 WDC_SAM - ok
11:25:08.0281 3592 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
11:25:08.0281 3592 WDDMService - ok
11:25:08.0281 3592 WDICA - ok
11:25:08.0312 3592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:25:08.0312 3592 wdmaud - ok
11:25:08.0312 3592 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
11:25:08.0312 3592 WDSmartWareBackgroundService - ok
11:25:08.0359 3592 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:25:08.0359 3592 WebClient - ok
11:25:08.0359 3592 websensepolicyserver - ok
11:25:08.0375 3592 websenseuserservice - ok
11:25:08.0375 3592 WIBUKEY - ok
11:25:08.0390 3592 win32sl - ok
11:25:08.0390 3592 windrvNT - ok
11:25:08.0406 3592 WINIO - ok
11:25:08.0453 3592 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:25:08.0453 3592 winmgmt - ok
11:25:08.0546 3592 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:25:08.0546 3592 WmdmPmSN - ok
11:25:08.0593 3592 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:25:08.0593 3592 Wmi - ok
11:25:08.0625 3592 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
11:25:08.0640 3592 WmiApSrv - ok
11:25:08.0718 3592 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:25:08.0734 3592 WMPNetworkSvc - ok
11:25:08.0750 3592 wpsdrvnt - ok
11:25:08.0781 3592 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:25:08.0781 3592 WS2IFSL - ok
11:25:08.0781 3592 WscNetDr - ok
11:25:08.0828 3592 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:25:08.0828 3592 wscsvc - ok
11:25:08.0843 3592 Wtcls2k - ok
11:25:08.0890 3592 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:25:08.0906 3592 wuauserv - ok
11:25:08.0937 3592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:25:08.0937 3592 WudfPf - ok
11:25:08.0953 3592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:25:08.0953 3592 WudfRd - ok
11:25:08.0968 3592 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:25:08.0968 3592 WudfSvc - ok
11:25:09.0015 3592 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:25:09.0015 3592 WZCSVC - ok
11:25:09.0031 3592 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:25:09.0046 3592 xmlprov - ok
11:25:09.0046 3592 z525obex - ok
11:25:09.0046 3592 zebrceb - ok
11:25:09.0062 3592 ziptoa - ok
11:25:09.0062 3592 {6080a529-897e-4629-a488-aba0c29b635e} - ok
11:25:09.0078 3592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:25:09.0453 3592 \Device\Harddisk0\DR0 - ok
11:25:09.0453 3592 Boot (0x1200) (29308bf9cd62c6b903bf327837d16705) \Device\Harddisk0\DR0\Partition0
11:25:09.0453 3592 \Device\Harddisk0\DR0\Partition0 - ok
11:25:09.0453 3592 ============================================================
11:25:09.0453 3592 Scan finished
11:25:09.0453 3592 ============================================================
11:25:09.0468 5628 Detected object count: 1
11:25:09.0468 5628 Actual detected object count: 1
11:25:34.0312 5628 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
11:25:40.0875 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\@ - copied to quarantine
11:25:40.0906 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\bckfg.tmp - copied to quarantine
11:25:40.0968 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\cfg.ini - copied to quarantine
11:25:40.0968 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\Desktop.ini - copied to quarantine
11:25:41.0046 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\keywords - copied to quarantine
11:25:41.0046 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\kwrd.dll - copied to quarantine
11:25:41.0125 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\L\regyfamx - copied to quarantine
11:25:41.0156 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\lsflt7.ver - copied to quarantine
11:25:41.0156 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\oemid - copied to quarantine
11:25:41.0171 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000001.@ - copied to quarantine
11:25:41.0218 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000002.@ - copied to quarantine
11:25:41.0250 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000004.@ - copied to quarantine
11:25:41.0296 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000000.@ - copied to quarantine
11:25:41.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000004.@ - copied to quarantine
11:25:41.0453 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000032.@ - copied to quarantine
11:25:41.0546 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\version - copied to quarantine
11:25:42.0062 5628 Backup copy found, using it..
11:25:42.0078 5628 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\2220560526 - will be deleted on reboot
11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\@ - will be deleted on reboot
11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\bckfg.tmp - will be deleted on reboot
11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\cfg.ini - will be deleted on reboot
11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\Desktop.ini - will be deleted on reboot
11:25:43.0796 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\keywords - will be deleted on reboot
11:25:44.0062 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\kwrd.dll - will be deleted on reboot
11:25:44.0312 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\lsflt7.ver - will be deleted on reboot
11:25:44.0312 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\oemid - will be deleted on reboot
11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000001.@ - will be deleted on reboot
11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000002.@ - will be deleted on reboot
11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000004.@ - will be deleted on reboot
11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000000.@ - will be deleted on reboot
11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000004.@ - will be deleted on reboot
11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000032.@ - will be deleted on reboot
11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\version - will be deleted on reboot
11:25:44.0390 5628 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Cure
11:26:02.0046 4196 Deinitialize success

Here is the log from ComboFix:

ComboFix 12-04-09.04 - John & Wendy 04/09/2012 11:46:37.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3575.2535 [GMT -4:00]
Running from: c:\documents and settings\John & Wendy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\s125mdm.dll
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MREMPR5
-------\Legacy_SERVICE
-------\Legacy_TNIDRIVER
-------\Service_MREMPR5
-------\Service_service
-------\Service_tnidriver
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 15:25 . 2012-04-09 15:25 98992 ----a-w- c:\windows\system32\drivers\67092840.sys
2012-04-09 15:25 . 2012-04-09 15:25 75264 ----a-w- c:\windows\system32\drivers\tsk3C.tmp
2012-04-09 15:25 . 2012-04-09 15:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-06 17:23 . 2012-04-09 16:07 -------- d-----w- c:\documents and settings\John & Wendy\Local Settings\Application Data\LogMeIn Hamachi
2012-04-06 17:15 . 2012-04-06 17:15 -------- d-----w- c:\documents and settings\Zach\Application Data\PureEdge
2012-04-06 02:28 . 2012-04-06 13:33 -------- d-----w- c:\documents and settings\Zach\Local Settings\Application Data\LogMeIn Hamachi
2012-04-06 02:28 . 2012-04-09 16:07 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\LogMeIn Hamachi
2012-04-06 02:27 . 2012-04-06 02:27 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-04-05 02:56 . 2012-04-05 02:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 02:26 . 2012-04-05 02:26 -------- d-----w- c:\documents and settings\John & Wendy\Local Settings\Application Data\PCHealth
2012-04-05 01:55 . 2012-04-05 01:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-04-05 00:29 . 2012-04-05 00:29 -------- d-----w- c:\documents and settings\Zach\Application Data\NVIDIA
2012-04-04 23:50 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-04 23:50 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-04 21:51 . 2012-04-04 21:51 -------- d-----w- C:\6802ba65daf0b3e792
2012-04-04 21:39 . 2012-04-04 21:39 -------- d-----w- c:\program files\Ask.com
2012-04-04 21:39 . 2012-04-04 21:39 -------- d-----w- C:\Firefox
2012-04-04 21:34 . 2012-04-04 21:34 -------- d-----w- c:\documents and settings\Zach\Local Settings\Application Data\Google
2012-04-04 21:34 . 2012-04-04 21:34 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 21:33 . 2012-04-04 21:33 -------- d--h--w- c:\documents and settings\Zach\InstallAnywhere
2012-04-04 21:29 . 2012-04-04 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2012-04-04 21:01 . 2012-04-04 21:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 20:50 . 2012-04-04 20:51 -------- d-----w- c:\program files\Minecraft
2012-04-02 22:00 . 2012-02-24 13:16 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-04-02 22:00 . 2012-02-24 13:16 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-04-02 22:00 . 2012-02-24 13:16 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-31 19:04 . 2012-03-31 19:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2012-03-31 19:03 . 2012-03-31 19:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-03-31 19:03 . 2012-03-31 19:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-03-31 18:59 . 2012-03-31 19:00 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\Temp
2012-03-31 18:59 . 2012-03-31 19:00 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\Google
2012-03-31 18:59 . 2012-03-31 19:00 -------- d-----w- c:\program files\Google
2012-03-31 18:56 . 2011-09-28 17:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-31 18:55 . 2012-02-24 14:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-31 18:55 . 2012-02-24 14:35 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-31 18:52 . 2012-03-31 18:52 -------- d-----w- c:\documents and settings\UpdatusUser\Application Data\TestApp
2012-03-31 18:49 . 2012-03-31 18:49 -------- d-sh--w- c:\documents and settings\UpdatusUser\PrivacIE
2012-03-31 18:48 . 2012-03-31 18:48 -------- d-sh--w- c:\documents and settings\UpdatusUser\IECompatCache
2012-03-31 18:48 . 2012-03-31 18:48 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\Threat Expert
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 02:56 . 2011-05-17 22:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 21:28 . 2011-03-27 17:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-17 20:55 . 2012-03-31 18:41 3277632 ----a-w- c:\windows\system32\drivers\TfKbMon.sys.old
2012-02-24 14:37 . 2011-12-12 00:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-02-24 14:31 . 2011-12-12 00:43 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-02-17 19:08 . 2011-12-12 03:10 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-02-17 19:08 . 2011-12-12 03:10 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-02-17 19:08 . 2011-12-12 03:10 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-02-17 19:08 . 2011-12-12 03:10 767952 ----a-w- c:\windows\BDTSupport.dll
2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApproveItForOfficeSetup"="c:\program files\APPROVEIT" [X]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-29 18790432]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-12-29 887936]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-12 174616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-12 145432]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2012-02-24 2659768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tyler\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Zach\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ApproveIt StartUp.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
backup=c:\windows\pss\ApproveIt StartUp.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2009-12-28 22:49 121472 ----a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 20:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-04-12 05:57 141848 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-06-12 16:08 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 15:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-24 22:31 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/11/2011 8:43 PM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [12/11/2011 8:43 PM 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [12/11/2011 8:43 PM 909728]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [4/2/2012 6:00 PM 54328]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [4/2/2012 6:00 PM 574424]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [1/6/2011 11:15 PM 11448]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/15/2011 5:48 PM 89792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/11/2011 8:43 PM 253352]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [3/31/2012 2:55 PM 185560]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 5:16 PM 207400]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [1/6/2011 11:15 PM 96896]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [12/11/2011 11:10 PM 550864]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [10/16/2009 11:42 AM 319488]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2/28/2012 5:38 PM 1373576]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/11/2011 9:28 PM 652360]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/15/2011 5:48 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/15/2011 5:48 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/15/2011 5:48 PM 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/15/2011 5:48 PM 150856]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/20/2011 10:13 AM 2255464]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12/11/2011 8:42 PM 402336]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 5:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/15/2011 5:48 PM 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/11/2011 9:28 PM 20464]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/15/2011 5:48 PM 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/15/2011 5:48 PM 83856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/20/2011 9:55 AM 119528]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [3/31/2012 2:56 PM 56840]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/11/2011 8:42 PM 70536]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/31/2012 2:59 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 10:56 PM 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/6/2011 8:27 PM 1691480]
S3 cxbu0wdm;SmartTerminal XX44;c:\windows\system32\drivers\cxbu0wdm.sys [12/20/2011 10:49 AM 114304]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [1/6/2011 9:32 PM 235520]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/15/2011 5:48 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/15/2011 5:48 PM 87656]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/7/2010 12:19 AM 57856]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [4/2/2012 6:00 PM 35264]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/9/2011 4:49 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DATUNIDR
*Deregistered* - mfeavfk01
*Deregistered* - PCTSDInjDriver32
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
NMSAccessU
ibmsmbus
filterservice
btnetfilter
ASNDIS5
pxfhbus
O2SCBUS
lhidusb
fasttrackinstallerservice
nalntservice
SE2Bmdfl
pavdrv
ghoststartservice
freebsd
DgiVecp
license
StkScan
s3psddr
lxcz_device
V0080Dev
iftpsvc
oracleorahome90agent
NeroMediaHomeService.4
OracleOraHome92ClientCache
S3GIGP
qserver
websenseuserservice
transbaseservice
AmdLLD
whoisd32
FsVga
nimcdlbk
sfman
rollbackclientservice
MRESP50
RTHDMIAzAudService
WDM_YAMAHAAC97
cq_mem
milshieldcleaner
mferkdk
USBModem
PID_08A0
LMouKE
symappcore
rchost
traprcvr
AeLookupSvc
lxcccustomerconnect
sfhlp01
ipodservice
uphclean
cxlpt
zebrceb
nnsvc
atitool
ET5Drv
defwatch
eloggersvc6
siside
lbtserv
tsmapip
se59mgmt
tvichw32
symsecureport
PTDCBus
sdbus
dcstor32
tfsndrct
upperdev
smrt
NuidFltr
CnxTrUsb
se58mdm
dlaudfam
Freedom
cpqdmi
SetupNT
nvata
mssql$sony_mediamgr
apfiltrservice
cbidf
elotouchscreen
Cam5603C
IPSECSHM
SprintRcAppSvc
s116bus
EU3_USB
DCamUSBMke2
vpcbus
ikfileflt
ctljystk
oraclemtsrecoveryservice
roxliveshare9
dcpflics
vetfddnt
z525obex
w39n51
racsvc
konfig
ICM10USB
RTL8169
RSAFAL
cqmghost
irmon
NMSSvc
ELmou
Afc
ibmpmdrv
adpu320
Ndisipo
us30service
AR5416
ssoftservice
w800bus
v2imount
HPFECP20
mhn
{6080a529-897e-4629-a488-aba0c29b635e}
W700mdfl
autostore
s116unic
nmsaccess
l8042pr2
mscsptisrv
U81xbus
lockmgr
rampartsvc
idechndr
tunnelguardservice
owstimer
DCamUSBSQTECH
sbhooksvc
lwwlicenseservice
aksusb
fgdxbus
dwmrcs
RTSTOR
besclient
awecho
ati
lvselsus
ROOTUSB
HFACSVC
datunidr
adobeversioncue
SE2Cmgmt
ATKFUSService
SWMX00
ProcObsrv
Angel2
pfmodnt
SrvcEKIOMngr
ccflic0
ALABULK
oracleorahometnslistener
DCamUSBGrandTek
cwafadmincontroller
sglfb
CTSBLFX.DLL
cpqarry2
s125mdm
bdfdll
WscNetDr
hpdskflt
stylexphelper
ltck000c
JGOGO
cpucoolserver
sstpsvc
websensepolicyserver
softfax
AVRec
WIBUKEY
U2SP
viaudio
amusbprt
wpsdrvnt
dnserver32
WINIO
iaantmon
pcctlcom
DMUSBUSBDCam
AlteraByteBlaster
Cam5603D
purendis
ohci1394
parallel
ziptoa
lsdiorw
U3sHlpDr
usnsvc
VirtualFD
dirms_defragmentation
tosrfec
s116obex
rxmssync
comhost
Wtcls2k
iaimfp1
lmimaint
spbbcsvc
filechecker
cvslock
egathdrv
issuser
speedfan
sansaservice
oraclesnmppeerencapsulator
s616obex
mvwebserver
diskeeper
cpqdfw
iaimfp2
SE27bus
mxserver
vmnetdhcp
TestHandler
edspport
NSSvcMgr
qfcoresvc
crauto
mssqlserver
fshttps
pdlnecfg
BUFADPT
cachemgr
bufserv
adiloader
PSI_SVC_2
rt73
sprtsvc_dellsupportcenter
backupexecrpcservice
pchost
iolodmv
NWHOST
shdserv
bthpan
rupsd
surveyor
se2End5
ctaud2k
w800mdfl
cis1284
tvtpktfilter
digisptiservice
quickhealfirewall
kraidsvc
awhost32
backupexecalertserver
XUIF
amdppm
AF15BDA
win32sl
pavprsrv
timounter
de_serv
oracle_load_balancer_60_client-forms6i
rnadirmultiplexor
psdistributionagent
ql2100
iksysflt
vncmirror
VAIOMediaPlatform-PhotoServer-HTTP
SWUMX20
NVR0FLASHDev
acrsch2svc
wlmel51b
windrvNT
ofcpfwsvc
winachsx
Invoker
arcltsrv
AsDsm
icm10blk
qbcfmonitorservice
ha10kx2k
wacommousefilter
SQLAgent$ABBEYIIOFFLINE
VHidMinidrv
eeyeevnt
navapel
psasrv
SE26mdm
appdrv
MTDVC2
S7oppilx
pdlndlpb
W8335XP
tunmp
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:56]
.
2012-04-09 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2011-01-09 04:55]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: mswsock.dll
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\Microsoft\SMIME Client (2010)\mimectl.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-PCTools FGuard - c:\program files\PC Tools Security\BDT\FGuard.exe
SafeBoot-51262312.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-09 12:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-2077806209-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:59,46,75,ac,71,11,35,86,6c,80,40,84,24,75,9f,dd,74,27,68,bb,47,
58,6a,67,a7,28,46,55,5b,3c,86,32,68,5a,ef,ee,a0,54,7f,b9,2f,a7,80,61,19,d8,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1352)
c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
c:\program files\ActivIdentity\ActivClient\aclog.dll
c:\program files\ActivIdentity\ActivClient\accrypto.dll
c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
c:\program files\ActivIdentity\ActivClient\acevtsub.dll
c:\program files\ActivIdentity\ActivClient\asphat32.dll
c:\program files\ActivIdentity\ActivClient\acerrmes.dll
c:\program files\ActivIdentity\ActivClient\aiwinext.dll
c:\program files\ActivIdentity\ActivClient\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\program files\ActivIdentity\ActivClient\aipingui.dll
c:\program files\ActivIdentity\ActivClient\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
.
- - - - - - - > 'lsass.exe'(1408)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\mswsock.dll
mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(5996)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\mswsock.dll
mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Security\pctsSvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\RTHDCPL.EXE
c:\\.\globalroot\SystemRoot\system32\svchost.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
.
**************************************************************************
.
Completion time: 2012-04-09 12:12:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 16:12
.
Pre-Run: 467,767,496,704 bytes free
Post-Run: 469,573,996,544 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 19B1E6E2540BF43F21ACE54674B5C85A

Thank you so much for helping! I do appreciate it very much!

#8
Larusso

Posted 09 April 2012 - 12:48 PM

Selecta Jahrusso

Experts
824 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Well done. Some things needs our attention.

Download OTL to your Desktop.

Double click on the icon to run it.
Under the box paste this in

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Make sure all other windows are closed to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

#9
Teed55

Posted 09 April 2012 - 09:52 PM

New Member

Members
13 posts

Gender:Female

OTL Log:

OTL logfile created on: 4/9/2012 10:28:57 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\John & Wendy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 63.52% Memory free
5.33 Gb Paging File | 4.03 Gb Available in Paging File | 75.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 437.36 Gb Free Space | 93.90% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-1 | User Name: John & Wendy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe
PRC - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/02/24 10:36:06 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/09/30 09:11:18 | 000,794,824 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/03/25 12:02:16 | 000,611,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2010/01/21 17:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2010/01/21 17:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 17:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/06/03 17:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/08 00:55:02 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2005/07/08 00:55:00 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/12/05 16:41:44 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/04 22:49:18 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/04/04 22:48:36 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/04 22:37:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/04/04 22:36:52 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/04/04 22:36:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/04/04 22:36:42 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/04/04 22:36:31 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/04/04 22:36:24 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/04/04 22:35:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/04 22:35:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/04 22:35:28 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/04 22:34:47 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/24 10:36:02 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2012/02/24 10:35:44 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2012/02/17 15:08:16 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools Security\BDT\BSPatch.dll
MOD - [2011/10/16 15:49:04 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2009/09/29 23:33:08 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVENET.dll -- (ziptoa)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spmd.dll -- (zebrceb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\navapel.dll -- (z525obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btdriver.dll -- (Wtcls2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (WscNetDr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeantispyware.dll -- (wpsdrvnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCDCODEC.dll -- (WINIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVTCP.dll -- (windrvNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfnds.dll -- (win32sl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scarddrv.dll -- (WIBUKEY)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125mgmt.dll -- (websenseuserservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservaz.dll -- (websensepolicyserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SunkFilt.dll -- (w800bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxupnprenderer.dll -- (W700mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wkscfgsrv.dll -- (w39n51)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EpmShd.dll -- (vpctcom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\basic2.dll -- (vpcbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dktknsrv.dll -- (vncmirror)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w3svc.dll -- (vmnetdhcp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNCPKT.dll -- (VirtualFD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (viaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntiopnp.dll -- (vetfddnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caccprovsp.dll -- (VAIOMediaPlatform-PhotoServer-HTTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hsvcmod.dll -- (v2imount)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hclinetd.dll -- (usnsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550bus.dll -- (USBDeviceService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TPwSav.dll -- (us30service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vxd.dll -- (upperdev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvport.dll -- (U81xbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNIPROT5.dll -- (U2SP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmbatt.dll -- (tunnelguardservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\L8042Kbd.dll -- (tosrfec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\modem.dll -- (tfsndrct)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VRADFIL.dll -- (TestHandler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217unic.dll -- (symsecureport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isdrv120.dll -- (SWUMX20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (SWMX00) BLKWGU(Belkin)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vstor2.dll -- (stylexphelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\portio.dll -- (sstpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\egathdrv.dll -- (ssoftservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcomlaunch.dll -- (SrvcEKIOMngr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cercsr6.dll -- (SprintRcAppSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btkrnl.dll -- (speedfan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emitray.dll -- (spbbcsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\senfilt.dll -- (softfax)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iolodmv.dll -- (smrt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siswlsvc.dll -- (siside)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_tdi_f.dll -- (shdserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Invoker.dll -- (sglfb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aksfridge.dll -- (SetupNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GoogleDesktopManager-010708-104812.dll -- (se58mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecnamingservice.dll -- (SE2Cmgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCM43XV.dll -- (SE27bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctdvda2k.dll -- (sdbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aolservice.dll -- (sbhooksvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p17.dll -- (sansaservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bmdfl.dll -- (s616obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\addfiltr.dll -- (S3GIGP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iviregmgr.dll -- (s125mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lcs.dll -- (s116unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pserve.dll -- (s116obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prfldsvc.dll -- (s116bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WGX.dll -- (rxmssync)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\termservice.dll -- (RTSTOR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxwatch9.dll -- (RTL8169)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (rt73)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\maya70docserver.dll -- (RSAFAL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (roxliveshare9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\anio.dll -- (ROOTUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAM1210.dll -- (rampartsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JavaQuickStarterService.dll -- (racsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (qserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raidmsvr.dll -- (qfcoresvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndproxy.dll -- (purendis)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthusb.dll -- (PTDCBus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxbt_device.dll -- (psasrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rsvchost.dll -- (ProcObsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HPFECP20.dll -- (pfmodnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WaveFDE.dll -- (pdlnecfg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\soma.dll -- (pcctlcom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mail2ec.dll -- (parallel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acmservice.dll -- (owstimer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdengine.dll -- (oracleorahometnslistener)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fallback.dll -- (OracleOraHome92ClientCache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdfl.dll -- (oracleorahome90agent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonytvc.dll -- (oraclemtsrecoveryservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w29n51.dll -- (ohci1394)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcSSIOMngr.dll -- (ofcpfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (NWHOST)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\shdserv.dll -- (NVR0FLASHDev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\crcdisk.dll -- (nvata)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll -- (NuidFltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stcagent.dll -- (NSSvcMgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USIUDF.dll -- (nnsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp0.dll -- (NMSSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdm.dll -- (NMSAccessU)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcdonner.dll -- (NeroMediaHomeService.4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hcwPVRP2.dll -- (Ndisipo)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58bus.dll -- (mxserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecpmcommunicationagent.dll -- (mvwebserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igniteservice.exe.dll -- (mssqlserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pktfilter.dll -- (mssql$sony_mediamgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s116unic.dll -- (mscsptisrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DSXUSB.dll -- (mhn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sandradatasrv.dll -- (lwwlicenseservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iwebcal.dll -- (lvselsus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EUSBMSD.dll -- (ltck000c)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTHDMIAzAudService.dll -- (lockmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dtscsi.dll -- (LMouKE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\i81x.dll -- (lmimaint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MKEMUSB.dll -- (lhidusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassPeriodicUpdateService.dll -- (l8042pr2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndiscm.dll -- (JGOGO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCASp50.dll -- (issuser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\quickhealfirewall.dll -- (irmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (IPSECSHM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spcsutilityservice.dll -- (iksysflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\knobserv.dll -- (ikfileflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\advservice.dll -- (iftpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cachemgr.dll -- (idechndr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ptilink.dll -- (ICM10USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se27unic.dll -- (icm10blk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ma_cmidi_installerservice.dll -- (ibmpmdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USR1806V.dll -- (iaimfp2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mmc_2K.dll -- (iaimfp1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\yukonwxp.dll -- (iaantmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavsrv.dll -- (HPFECP20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7alrt.dll -- (hpdskflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (HFACSVC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (fshttps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pccsmcfd.dll -- (Freedom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfman.dll -- (filechecker)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032U.dll -- (fgdxbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atfsd.dll -- (fasttrackinstallerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RIOUNIV.dll -- (EU3_USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\incdfs.dll -- (ET5Drv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WMIService.dll -- (elotouchscreen)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cm102u32.dll -- (eloggersvc6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\radclock.dll -- (ELmou)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvserver.dll -- (egathdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_flpy.dll -- (edspport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RivaTuner32.dll -- (dwmrcs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emclisrv.dll -- (dnserver32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvupdtio.dll -- (DMUSBUSBDCam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Alpham1.dll -- (dlaudfam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\apfiltrservice.dll -- (diskeeper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\orbmediaservice.dll -- (dirms_defragmentation)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\superproserver.dll -- (defwatch)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\int15.sys.dll -- (dcstor32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvraid.dll -- (dcpflics)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pctspk.dll -- (DCamUSBSQTECH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\napagent.dll -- (DCamUSBMke2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WavxDMgr.dll -- (DCamUSBGrandTek)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ghostsec.dll -- (cwafadmincontroller)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bt3cusb.dll -- (cvslock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleformsserver-forms60server-oraform.dll -- (CTSBLFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotdriver.dll -- (ctljystk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLAgent$LG_LP2.dll -- (crauto)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sbpci.dll -- (cqmghost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcdbus.dll -- (cpucoolserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TNaviSrv.dll -- (cpqdmi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tangoservice.dll -- (cpqdfw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psasrv.dll -- (cpqarry2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpf4.dll -- (comhost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ser2plms.dll -- (CnxTrUsb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswlsvc.dll -- (ccflic0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (Cam5603D)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCMTPM.dll -- (Cam5603C)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (cachemgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fix.dll -- (BUFADPT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LVCap138.dll -- (btnetfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcmsvc.dll -- (besclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\A88xXBar.dll -- (bdfdll)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enum1394.dll -- (awecho)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsmapip.dll -- (AVRec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CiscoVpnInstallService.dll -- (autostore)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KS0108.dll -- (ATKFUSService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pchost.dll -- (atitool)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmmbd.dll -- (ati)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASMMAP.dll -- (AR5416)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfng32.dll -- (Angel2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmuda.dll -- (amusbprt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W55U01.dll -- (AlteraByteBlaster)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxdmCATSCustConnectService.dll -- (ALABULK)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvspydr2.dll -- (aksusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcj_device.dll -- (Afc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip.dll -- (adpu320)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp2.dll -- (acrsch2svc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndistapi.dll -- ({6080a529-897e-4629-a488-aba0c29b635e})
SRV - [2012/04/04 22:56:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/02/24 10:37:08 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/02/24 10:31:08 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/02/24 09:16:10 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/02/24 09:16:10 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/02/24 09:16:10 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/10/15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 14:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/10/15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/10/15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/05/10 05:41:30 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/01/29 02:31:44 | 005,884,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/01/18 17:50:10 | 000,235,520 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/01/07 00:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/11/17 19:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 19:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/08/03 22:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/05 22:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/24 09:16:20 | 000,114,304 | R--- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2009/06/05 03:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {F3DD5844-48DB-43B0-9600-5B21935B5A5A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...67-E05BD61C464A
IE - HKCU\..\SearchScopes\{F3DD5844-48DB-43B0-9600-5B21935B5A5A}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/03/31 14:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/04/09 22:26:49 | 000,000,000 | ---D | M]

[2011/02/24 20:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John & Wendy\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2012/04/09 12:06:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111224173650.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ApproveItForOfficeSetup] " /1 /P "C:\PROGRAM FILES\APPROVEIT\" File not found
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1294364092906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1599609C-7DBD-4A97-830C-5413467F8C76}: DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/06 20:06:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - %systemroot%\system32\quickhealfirewall.dll File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: NMSAccessU - %systemroot%\system32\SE2Cmdm.dll File not found
NetSvcs: ibmsmbus - File not found
NetSvcs: filterservice - File not found
NetSvcs: btnetfilter - %systemroot%\system32\LVCap138.dll File not found
NetSvcs: ASNDIS5 - File not found
NetSvcs: pxfhbus - File not found
NetSvcs: O2SCBUS - File not found
NetSvcs: lhidusb - %systemroot%\system32\MKEMUSB.dll File not found
NetSvcs: fasttrackinstallerservice - %systemroot%\system32\atfsd.dll File not found
NetSvcs: nalntservice - File not found
NetSvcs: SE2Bmdfl - File not found
NetSvcs: pavdrv - File not found
NetSvcs: ghoststartservice - File not found
NetSvcs: freebsd - File not found
NetSvcs: DgiVecp - File not found
NetSvcs: license - File not found
NetSvcs: StkScan - File not found
NetSvcs: s3psddr - File not found
NetSvcs: lxcz_device - File not found
NetSvcs: V0080Dev - File not found
NetSvcs: iftpsvc - %systemroot%\system32\advservice.dll File not found
NetSvcs: oracleorahome90agent - %systemroot%\system32\SE2Cmdfl.dll File not found
NetSvcs: NeroMediaHomeService.4 - %systemroot%\system32\qcdonner.dll File not found
NetSvcs: OracleOraHome92ClientCache - %systemroot%\system32\fallback.dll File not found
NetSvcs: S3GIGP - %systemroot%\system32\addfiltr.dll File not found
NetSvcs: qserver - %systemroot%\system32\dlacdbhm.dll File not found
NetSvcs: websenseuserservice - %systemroot%\system32\s125mgmt.dll File not found
NetSvcs: transbaseservice - File not found
NetSvcs: AmdLLD - File not found
NetSvcs: whoisd32 - File not found
NetSvcs: FsVga - C:\WINDOWS\System32\drivers\fsvga.sys (Microsoft Corporation)
NetSvcs: nimcdlbk - File not found
NetSvcs: sfman - File not found
NetSvcs: rollbackclientservice - File not found
NetSvcs: MRESP50 - File not found
NetSvcs: RTHDMIAzAudService - File not found
NetSvcs: WDM_YAMAHAAC97 - File not found
NetSvcs: cq_mem - File not found
NetSvcs: milshieldcleaner - File not found
NetSvcs: mferkdk - File not found
NetSvcs: USBModem - File not found
NetSvcs: PID_08A0 - File not found
NetSvcs: LMouKE - %systemroot%\system32\dtscsi.dll File not found
NetSvcs: symappcore - File not found
NetSvcs: rchost - File not found
NetSvcs: traprcvr - File not found
NetSvcs: AeLookupSvc - File not found
NetSvcs: lxcccustomerconnect - File not found
NetSvcs: sfhlp01 - File not found
NetSvcs: ipodservice - File not found
NetSvcs: uphclean - File not found
NetSvcs: cxlpt - File not found
NetSvcs: zebrceb - %systemroot%\system32\spmd.dll File not found
NetSvcs: nnsvc - %systemroot%\system32\USIUDF.dll File not found
NetSvcs: atitool - %systemroot%\system32\pchost.dll File not found
NetSvcs: ET5Drv - %systemroot%\system32\incdfs.dll File not found
NetSvcs: defwatch - %systemroot%\system32\superproserver.dll File not found
NetSvcs: eloggersvc6 - %systemroot%\system32\cm102u32.dll File not found
NetSvcs: siside - %systemroot%\system32\siswlsvc.dll File not found
NetSvcs: tvichw32 - File not found
NetSvcs: symsecureport - %systemroot%\system32\s217unic.dll File not found
NetSvcs: PTDCBus - %systemroot%\system32\bthusb.dll File not found
NetSvcs: sdbus - %systemroot%\system32\ctdvda2k.dll File not found
NetSvcs: dcstor32 - %systemroot%\system32\int15.sys.dll File not found
NetSvcs: tfsndrct - %systemroot%\system32\modem.dll File not found
NetSvcs: upperdev - %systemroot%\system32\vxd.dll File not found
NetSvcs: smrt - %systemroot%\system32\iolodmv.dll File not found
NetSvcs: NuidFltr - %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll File not found
NetSvcs: CnxTrUsb - %systemroot%\system32\ser2plms.dll File not found
NetSvcs: se58mdm - %systemroot%\system32\GoogleDesktopManager-010708-104812.dll File not found
NetSvcs: dlaudfam - %systemroot%\system32\Alpham1.dll File not found
NetSvcs: Freedom - %systemroot%\system32\pccsmcfd.dll File not found
NetSvcs: cpqdmi - %systemroot%\system32\TNaviSrv.dll File not found
NetSvcs: SetupNT - %systemroot%\system32\aksfridge.dll File not found
NetSvcs: nvata - %systemroot%\system32\crcdisk.dll File not found
NetSvcs: mssql$sony_mediamgr - %systemroot%\system32\pktfilter.dll File not found
NetSvcs: elotouchscreen - %systemroot%\system32\WMIService.dll File not found
NetSvcs: Cam5603C - %systemroot%\system32\BCMTPM.dll File not found
NetSvcs: IPSECSHM - %systemroot%\system32\backupexecjobengine.dll File not found
NetSvcs: SprintRcAppSvc - %systemroot%\system32\cercsr6.dll File not found
NetSvcs: s116bus - %systemroot%\system32\prfldsvc.dll File not found
NetSvcs: EU3_USB - %systemroot%\system32\RIOUNIV.dll File not found
NetSvcs: DCamUSBMke2 - %systemroot%\system32\napagent.dll File not found
NetSvcs: vpcbus - %systemroot%\system32\basic2.dll File not found
NetSvcs: ikfileflt - %systemroot%\system32\knobserv.dll File not found
NetSvcs: ctljystk - %systemroot%\system32\symantecantibotdriver.dll File not found
NetSvcs: oraclemtsrecoveryservice - %systemroot%\system32\sonytvc.dll File not found
NetSvcs: roxliveshare9 - %systemroot%\system32\tvs.dll File not found
NetSvcs: dcpflics - %systemroot%\system32\nvraid.dll File not found
NetSvcs: vetfddnt - %systemroot%\system32\ntiopnp.dll File not found
NetSvcs: z525obex - %systemroot%\system32\navapel.dll File not found
NetSvcs: w39n51 - %systemroot%\system32\wkscfgsrv.dll File not found
NetSvcs: racsvc - %systemroot%\system32\JavaQuickStarterService.dll File not found
NetSvcs: ICM10USB - %systemroot%\system32\ptilink.dll File not found
NetSvcs: RTL8169 - %systemroot%\system32\roxwatch9.dll File not found
NetSvcs: RSAFAL - %systemroot%\system32\maya70docserver.dll File not found
NetSvcs: cqmghost - %systemroot%\system32\sbpci.dll File not found
NetSvcs: irmon - %systemroot%\system32\quickhealfirewall.dll File not found
NetSvcs: NMSSvc - %systemroot%\system32\iaimfp0.dll File not found
NetSvcs: ELmou - %systemroot%\system32\radclock.dll File not found
NetSvcs: Afc - %systemroot%\system32\lxcj_device.dll File not found
NetSvcs: ibmpmdrv - %systemroot%\system32\ma_cmidi_installerservice.dll File not found
NetSvcs: adpu320 - %systemroot%\system32\tcpip.dll File not found
NetSvcs: Ndisipo - %systemroot%\system32\hcwPVRP2.dll File not found
NetSvcs: us30service - %systemroot%\system32\TPwSav.dll File not found
NetSvcs: AR5416 - %systemroot%\system32\ASMMAP.dll File not found
NetSvcs: ssoftservice - %systemroot%\system32\egathdrv.dll File not found
NetSvcs: w800bus - %systemroot%\system32\SunkFilt.dll File not found
NetSvcs: v2imount - %systemroot%\system32\hsvcmod.dll File not found
NetSvcs: HPFECP20 - %systemroot%\system32\pavsrv.dll File not found
NetSvcs: mhn - %systemroot%\system32\DSXUSB.dll File not found
NetSvcs: {6080a529-897e-4629-a488-aba0c29b635e} - %systemroot%\system32\ndistapi.dll File not found
NetSvcs: W700mdfl - %systemroot%\system32\roxupnprenderer.dll File not found
NetSvcs: autostore - %systemroot%\system32\CiscoVpnInstallService.dll File not found
NetSvcs: s116unic - %systemroot%\system32\lcs.dll File not found
NetSvcs: l8042pr2 - %systemroot%\system32\iPassPeriodicUpdateService.dll File not found
NetSvcs: mscsptisrv - %systemroot%\system32\s116unic.dll File not found
NetSvcs: U81xbus - %systemroot%\system32\nvport.dll File not found
NetSvcs: lockmgr - %systemroot%\system32\RTHDMIAzAudService.dll File not found
NetSvcs: rampartsvc - %systemroot%\system32\CAM1210.dll File not found
NetSvcs: idechndr - %systemroot%\system32\cachemgr.dll File not found
NetSvcs: tunnelguardservice - %systemroot%\system32\cmbatt.dll File not found
NetSvcs: owstimer - %systemroot%\system32\acmservice.dll File not found
NetSvcs: DCamUSBSQTECH - %systemroot%\system32\Pctspk.dll File not found
NetSvcs: sbhooksvc - %systemroot%\system32\aolservice.dll File not found
NetSvcs: lwwlicenseservice - %systemroot%\system32\sandradatasrv.dll File not found
NetSvcs: aksusb - %systemroot%\system32\cvspydr2.dll File not found
NetSvcs: fgdxbus - %systemroot%\system32\MA8032U.dll File not found
NetSvcs: dwmrcs - %systemroot%\system32\RivaTuner32.dll File not found
NetSvcs: RTSTOR - %systemroot%\system32\termservice.dll File not found
NetSvcs: besclient - %systemroot%\system32\npkcmsvc.dll File not found
NetSvcs: awecho - %systemroot%\system32\enum1394.dll File not found
NetSvcs: ati - %systemroot%\system32\tmmbd.dll File not found
NetSvcs: lvselsus - %systemroot%\system32\iwebcal.dll File not found
NetSvcs: ROOTUSB - %systemroot%\system32\anio.dll File not found
NetSvcs: HFACSVC - %systemroot%\system32\kpfwsvc.dll File not found
NetSvcs: datunidr - File not found
NetSvcs: USBDeviceService - %systemroot%\system32\w550bus.dll File not found
NetSvcs: vpctcom - %systemroot%\system32\EpmShd.dll File not found
NetSvcs: adobeversioncue - File not found
NetSvcs: SE2Cmgmt - %systemroot%\system32\backupexecnamingservice.dll File not found
NetSvcs: ATKFUSService - %systemroot%\system32\KS0108.dll File not found
NetSvcs: SWMX00 - %systemroot%\system32\nmwcdc.dll File not found
NetSvcs: ProcObsrv - %systemroot%\system32\rsvchost.dll File not found
NetSvcs: Angel2 - %systemroot%\system32\sfng32.dll File not found
NetSvcs: pfmodnt - %systemroot%\system32\HPFECP20.dll File not found
NetSvcs: SrvcEKIOMngr - %systemroot%\system32\dcomlaunch.dll File not found
NetSvcs: ccflic0 - %systemroot%\system32\aswlsvc.dll File not found
NetSvcs: ALABULK - %systemroot%\system32\lxdmCATSCustConnectService.dll File not found
NetSvcs: oracleorahometnslistener - %systemroot%\system32\pdengine.dll File not found
NetSvcs: DCamUSBGrandTek - %systemroot%\system32\WavxDMgr.dll File not found
NetSvcs: cwafadmincontroller - %systemroot%\system32\ghostsec.dll File not found
NetSvcs: sglfb - %systemroot%\system32\Invoker.dll File not found
NetSvcs: CTSBLFX.DLL - %systemroot%\system32\oracleformsserver-forms60server-oraform.dll File not found
NetSvcs: cpqarry2 - %systemroot%\system32\psasrv.dll File not found
NetSvcs: s125mdm - %systemroot%\system32\iviregmgr.dll File not found
NetSvcs: bdfdll - %systemroot%\system32\A88xXBar.dll File not found
NetSvcs: WscNetDr - %systemroot%\system32\winpower.dll File not found
NetSvcs: hpdskflt - %systemroot%\system32\avg7alrt.dll File not found
NetSvcs: stylexphelper - %systemroot%\system32\vstor2.dll File not found
NetSvcs: ltck000c - %systemroot%\system32\EUSBMSD.dll File not found
NetSvcs: JGOGO - %systemroot%\system32\ndiscm.dll File not found
NetSvcs: cpucoolserver - %systemroot%\system32\mcdbus.dll File not found
NetSvcs: sstpsvc - %systemroot%\system32\portio.dll File not found
NetSvcs: websensepolicyserver - %systemroot%\system32\smservaz.dll File not found
NetSvcs: softfax - %systemroot%\system32\senfilt.dll File not found
NetSvcs: AVRec - %systemroot%\system32\tsmapip.dll File not found
NetSvcs: WIBUKEY - %systemroot%\system32\scarddrv.dll File not found
NetSvcs: U2SP - %systemroot%\system32\WNIPROT5.dll File not found
NetSvcs: viaudio - %systemroot%\system32\carboniteservice.dll File not found
NetSvcs: amusbprt - %systemroot%\system32\cmuda.dll File not found
NetSvcs: wpsdrvnt - %systemroot%\system32\mcafeeantispyware.dll File not found
NetSvcs: dnserver32 - %systemroot%\system32\emclisrv.dll File not found
NetSvcs: WINIO - %systemroot%\system32\PCDCODEC.dll File not found
NetSvcs: iaantmon - %systemroot%\system32\yukonwxp.dll File not found
NetSvcs: pcctlcom - %systemroot%\system32\soma.dll File not found
NetSvcs: DMUSBUSBDCam - %systemroot%\system32\lvupdtio.dll File not found
NetSvcs: AlteraByteBlaster - %systemroot%\system32\W55U01.dll File not found
NetSvcs: Cam5603D - %systemroot%\system32\MA8032M.dll File not found
NetSvcs: purendis - %systemroot%\system32\ndproxy.dll File not found
NetSvcs: ohci1394 - %systemroot%\system32\w29n51.dll File not found
NetSvcs: parallel - %systemroot%\system32\mail2ec.dll File not found
NetSvcs: ziptoa - %systemroot%\system32\NVENET.dll File not found
NetSvcs: U3sHlpDr - File not found
NetSvcs: usnsvc - %systemroot%\system32\hclinetd.dll File not found
NetSvcs: VirtualFD - %systemroot%\system32\WNCPKT.dll File not found
NetSvcs: dirms_defragmentation - %systemroot%\system32\orbmediaservice.dll File not found
NetSvcs: tosrfec - %systemroot%\system32\L8042Kbd.dll File not found
NetSvcs: s116obex - %systemroot%\system32\pserve.dll File not found
NetSvcs: rxmssync - %systemroot%\system32\WGX.dll File not found
NetSvcs: comhost - %systemroot%\system32\kpf4.dll File not found
NetSvcs: Wtcls2k - %systemroot%\system32\btdriver.dll File not found
NetSvcs: iaimfp1 - %systemroot%\system32\mmc_2K.dll File not found
NetSvcs: lmimaint - %systemroot%\system32\i81x.dll File not found
NetSvcs: spbbcsvc - %systemroot%\system32\emitray.dll File not found
NetSvcs: filechecker - %systemroot%\system32\sfman.dll File not found
NetSvcs: cvslock - %systemroot%\system32\bt3cusb.dll File not found
NetSvcs: egathdrv - %systemroot%\system32\mvserver.dll File not found
NetSvcs: issuser - %systemroot%\system32\PCASp50.dll File not found
NetSvcs: speedfan - %systemroot%\system32\btkrnl.dll File not found
NetSvcs: sansaservice - %systemroot%\system32\p17.dll File not found
NetSvcs: s616obex - %systemroot%\system32\SE2Bmdfl.dll File not found
NetSvcs: mvwebserver - %systemroot%\system32\websensecpmcommunicationagent.dll File not found
NetSvcs: diskeeper - %systemroot%\system32\apfiltrservice.dll File not found
NetSvcs: cpqdfw - %systemroot%\system32\tangoservice.dll File not found
NetSvcs: iaimfp2 - %systemroot%\system32\USR1806V.dll File not found
NetSvcs: SE27bus - %systemroot%\system32\BCM43XV.dll File not found
NetSvcs: mxserver - %systemroot%\system32\se58bus.dll File not found
NetSvcs: vmnetdhcp - %systemroot%\system32\w3svc.dll File not found
NetSvcs: TestHandler - %systemroot%\system32\VRADFIL.dll File not found
NetSvcs: edspport - %systemroot%\system32\ino_flpy.dll File not found
NetSvcs: NSSvcMgr - %systemroot%\system32\stcagent.dll File not found
NetSvcs: qfcoresvc - %systemroot%\system32\raidmsvr.dll File not found
NetSvcs: crauto - %systemroot%\system32\SQLAgent$LG_LP2.dll File not found
NetSvcs: mssqlserver - %systemroot%\system32\igniteservice.exe.dll File not found
NetSvcs: fshttps - %systemroot%\system32\symc8xx.dll File not found
NetSvcs: pdlnecfg - %systemroot%\system32\WaveFDE.dll File not found
NetSvcs: BUFADPT - %systemroot%\system32\fix.dll File not found
NetSvcs: cachemgr - %systemroot%\system32\trlokom_rmhsvc.dll File not found
NetSvcs: rt73 - %systemroot%\system32\WD_FireWire_HID.dll File not found
NetSvcs: sprtsvc_dellsupportcenter - File not found
NetSvcs: backupexecrpcservice - File not found
NetSvcs: pchost - File not found
NetSvcs: iolodmv - File not found
NetSvcs: NWHOST - %systemroot%\system32\zpjava.dll File not found
NetSvcs: shdserv - %systemroot%\system32\bc_tdi_f.dll File not found
NetSvcs: rupsd - File not found
NetSvcs: surveyor - File not found
NetSvcs: se2End5 - File not found
NetSvcs: ctaud2k - File not found
NetSvcs: w800mdfl - File not found
NetSvcs: cis1284 - File not found
NetSvcs: tvtpktfilter - File not found
NetSvcs: digisptiservice - File not found
NetSvcs: quickhealfirewall - File not found
NetSvcs: kraidsvc - File not found
NetSvcs: awhost32 - File not found
NetSvcs: backupexecalertserver - File not found
NetSvcs: XUIF - File not found
NetSvcs: amdppm - File not found
NetSvcs: AF15BDA - File not found
NetSvcs: win32sl - %systemroot%\system32\tosrfnds.dll File not found
NetSvcs: pavprsrv - File not found
NetSvcs: timounter - File not found
NetSvcs: de_serv - File not found
NetSvcs: oracle_load_balancer_60_client-forms6i - File not found
NetSvcs: rnadirmultiplexor - File not found
NetSvcs: psdistributionagent - File not found
NetSvcs: ql2100 - File not found
NetSvcs: iksysflt - %systemroot%\system32\spcsutilityservice.dll File not found
NetSvcs: vncmirror - %systemroot%\system32\dktknsrv.dll File not found
NetSvcs: VAIOMediaPlatform-PhotoServer-HTTP - %systemroot%\system32\caccprovsp.dll File not found
NetSvcs: SWUMX20 - %systemroot%\system32\isdrv120.dll File not found
NetSvcs: NVR0FLASHDev - %systemroot%\system32\shdserv.dll File not found
NetSvcs: acrsch2svc - %systemroot%\system32\iaimfp2.dll File not found
NetSvcs: wlmel51b - File not found
NetSvcs: windrvNT - %systemroot%\system32\NVTCP.dll File not found
NetSvcs: ofcpfwsvc - %systemroot%\system32\SrvcSSIOMngr.dll File not found
NetSvcs: winachsx - File not found
NetSvcs: Invoker - File not found
NetSvcs: arcltsrv - File not found
NetSvcs: AsDsm - File not found
NetSvcs: icm10blk - %systemroot%\system32\se27unic.dll File not found
NetSvcs: qbcfmonitorservice - File not found
NetSvcs: ha10kx2k - File not found
NetSvcs: wacommousefilter - File not found
NetSvcs: SQLAgent$ABBEYIIOFFLINE - File not found
NetSvcs: VHidMinidrv - File not found
NetSvcs: eeyeevnt - File not found
NetSvcs: navapel - File not found
NetSvcs: psasrv - %systemroot%\system32\lxbt_device.dll File not found
NetSvcs: SE26mdm - File not found
NetSvcs: appdrv - File not found
NetSvcs: MTDVC2 - File not found
NetSvcs: S7oppilx - File not found
NetSvcs: pdlndlpb - File not found
NetSvcs: W8335XP - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ApproveIt StartUp.lnk - - File not found
MsConfig - StartUpReg: ASUS Update Checker - hkey= - key= - C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe (ASUSTeK Computer Inc.)
MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/09 22:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/04/09 22:27:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe
[2012/04/09 11:44:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/09 11:42:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/09 11:42:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/09 11:42:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/09 11:42:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/09 11:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/09 11:41:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 11:37:59 | 004,453,897 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe
[2012/04/09 11:25:44 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys
[2012/04/09 11:25:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/08 12:27:43 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe
[2012/04/06 23:50:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.scr
[2012/04/06 23:19:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John & Wendy\Start Menu\Programs\Administrative Tools
[2012/04/06 23:18:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.com
[2012/04/06 13:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\LogMeIn Hamachi
[2012/04/06 13:10:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/06 12:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2012/04/04 22:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\PCHealth
[2012/04/04 21:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/04 17:51:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/04/04 17:51:22 | 000,000,000 | ---D | C] -- C:\6802ba65daf0b3e792
[2012/04/04 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/04/04 17:39:15 | 000,000,000 | ---D | C] -- C:\Firefox
[2012/04/04 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/04 17:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/04/04 16:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Minecraft
[2012/04/02 18:00:42 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/04/02 18:00:42 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/04/02 18:00:42 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/03/31 15:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2012/03/31 15:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/03/31 15:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/03/31 15:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/03/31 14:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/31 14:56:53 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/03/31 14:55:51 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/03/31 14:55:51 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/03/31 14:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/09 22:34:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/09 22:33:27 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx
[2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe
[2012/04/09 22:23:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/09 22:23:11 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/09 22:23:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/09 12:10:57 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/09 12:10:57 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/09 12:06:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/09 12:05:54 | 000,753,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/04/09 11:44:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/09 11:38:04 | 004,453,897 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe
[2012/04/09 11:25:44 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys
[2012/04/09 11:22:48 | 002,052,384 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip
[2012/04/08 22:52:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/08 22:46:02 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/04/08 12:27:43 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe
[2012/04/06 23:50:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.scr
[2012/04/06 23:18:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.com
[2012/04/06 21:46:24 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Microsoft Office Word 2007.lnk
[2012/04/06 14:00:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\2l8ovdbp.exe
[2012/04/06 13:56:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Defogger.exe
[2012/04/06 13:18:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/04/06 08:52:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/04/05 21:06:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/05 00:52:03 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/04 22:40:07 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/04 19:28:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/04/04 17:15:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/01 22:14:53 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2012/03/31 14:55:51 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 22:23:11 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/09 12:04:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/09 11:44:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/09 11:44:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/09 11:42:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/09 11:42:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/09 11:42:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/09 11:42:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/09 11:42:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/09 11:22:47 | 002,052,384 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip
[2012/04/06 13:59:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\2l8ovdbp.exe
[2012/04/06 13:55:57 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\Defogger.exe
[2012/04/04 22:56:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/04 19:28:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/04 19:28:30 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/04/02 18:31:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 15:00:12 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/31 14:55:51 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0349.old
[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/12/11 20:16:00 | 000,011,716 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\54e0w245m2huy6u70n6ac
[2011/12/10 21:02:54 | 000,013,192 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\238265v6n322a423v050j2plu8g0
[2011/08/20 10:13:21 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/20 09:53:15 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/20 09:53:13 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/20 09:53:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/11 12:57:45 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/11 17:52:26 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/09 16:32:24 | 000,000,281 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2011/01/09 15:40:35 | 000,019,752 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2011/01/09 15:40:35 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2011/01/09 15:40:25 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2011/01/09 15:40:17 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2011/01/07 15:21:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/01/06 23:30:53 | 000,870,560 | R--- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011/01/06 23:30:53 | 000,127,868 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011/01/06 23:30:53 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/01/06 23:30:53 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/01/06 23:15:34 | 000,011,448 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2011/01/06 23:14:14 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/01/06 23:14:14 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/01/06 23:14:13 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/01/06 23:14:13 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/01/06 21:57:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/01/06 20:28:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/01/06 20:26:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/01/06 20:26:06 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/01/06 20:26:02 | 000,032,613 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/01/06 20:26:02 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/01/06 20:07:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/06 20:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/06 11:56:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/06 11:55:23 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/31 10:47:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2012/04/04 17:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/02/09 21:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/04/06 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2011/12/11 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2011/01/09 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/12/20 11:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\PureEdge
[2011/08/20 10:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\SPORE
[2011/01/09 16:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\Western Digital

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/07/19 15:08:21 | 000,000,000 | ---D | M] -- C:\053eea491c5fc9b2c72bfb42e521
[2011/12/24 23:22:53 | 000,000,000 | ---D | M] -- C:\3df72c8464bb5f5dd77263cd56db
[2012/04/04 17:51:24 | 000,000,000 | ---D | M] -- C:\6802ba65daf0b3e792
[2011/01/08 13:42:58 | 000,000,000 | ---D | M] -- C:\814b825119a9056f53be
[2012/04/09 07:00:29 | 000,000,000 | ---D | M] -- C:\ASUS.000
[2011/01/06 23:18:28 | 000,000,000 | ---D | M] -- C:\ASUS.SYS
[2011/01/07 15:20:37 | 000,000,000 | ---D | M] -- C:\ATI
[2012/04/09 11:44:51 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2011/01/09 16:24:43 | 000,000,000 | ---D | M] -- C:\col3927
[2012/04/06 13:20:34 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2011/01/07 15:20:18 | 000,000,000 | ---D | M] -- C:\Diamond
[2011/12/11 21:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2011/12/11 20:55:31 | 000,000,000 | -H-D | M] -- C:\dvmexp
[2012/04/04 17:39:15 | 000,000,000 | ---D | M] -- C:\Firefox
[2011/01/06 21:28:00 | 000,000,000 | ---D | M] -- C:\Intel
[2011/01/07 20:26:07 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011/08/20 10:12:51 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012/04/06 13:15:35 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/04/09 12:12:49 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011/12/20 11:43:23 | 000,000,000 | ---D | M] -- C:\SUPPORT
[2011/12/11 20:43:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/04/09 11:25:34 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2011/12/23 17:33:42 | 000,000,000 | ---D | M] -- C:\temp
[2012/04/09 22:26:53 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2011/01/06 21:31:15 | 000,000,000 | ---D | M] -- C:\WUTemp

< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe
[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe
[2004/08/04 03:56:55 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012/02/03 05:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-30 01:22:11

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >

#10
Teed55

Posted 09 April 2012 - 09:53 PM

New Member

Members
13 posts

Gender:Female

OTL Extras log:

OTL Extras logfile created on: 4/9/2012 10:28:57 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\John & Wendy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 63.52% Memory free
5.33 Gb Paging File | 4.03 Gb Available in Paging File | 75.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 437.36 Gb Free Space | 93.90% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-1 | User Name: John & Wendy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners
"{713AB069-D22F-4C15-89F0-0FEE92D9AD47}" = PS7600
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4E54C39-AC87-4C48-B6E0-A073F21E9B8A}" = Microsoft S/MIME
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F522E59E-7168-4B4A-885E-1030009BEE56}" = DBsign Web Signer
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Browser Defender_is1" = Browser Defender 4.0
"Cisco Connect" = Cisco Connect
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"QuickTime" = QuickTime
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2012 6:21:38 PM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4528 (0x11b0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\LTWEB12n.dll
by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)
7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/8/2012 12:15:45 PM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2036 (0x7f4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools
Security\TransactionResults\Transaction123.xml by C:\Program Files\PC Tools Security\pctsSvc.exe
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 10:55:04 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3000 (0xbb8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Western
Digital\WD SmartWare\Front Parlor\config\DefaultRules.xml by C:\Program Files\PC
Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)

Error - 4/9/2012 10:55:14 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2580 (0xa14) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools
Security\TransactionResults\Transaction125.xml by C:\Program Files\PC Tools Security\pctsSvc.exe
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:03:39 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5136 (0x1410) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\rasapi32.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:06:02 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4052 (0xfd4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools
Security\BDT\EN.xml by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:12:47 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3800 (0xed8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Western
Digital\WD SmartWare\Front Parlor\ConfigManager.xml by C:\Program Files\PC Tools
Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:30:27 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4064 (0xfe0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools
Security\TransactionResults\Transaction126.xml by C:\Program Files\PC Tools Security\pctsSvc.exe
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:32:47 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4628 (0x1214) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\John
& Wendy\Local Settings\Temporary Internet Files\Content.IE5\AIZINXSZ\anatm[1].js
by C:\Program Files\Internet Explorer\iexplore.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)
7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:35:05 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5348 (0x14e4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\John
& Wendy\Local Settings\Temporary Internet Files\Content.IE5\D905BXDA\brief[1].xml
by C:\Program Files\Internet Explorer\iexplore.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)
7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 4/8/2012 10:57:47 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 10:58:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 10:59:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 11:00:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 11:01:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 11:02:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 11:03:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 11:04:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 11:05:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 11:06:24 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023
Description = The Digirefresh service terminated with the following error: %%126

< End of report >

#11
Larusso

Posted 09 April 2012 - 11:25 PM

Selecta Jahrusso

Experts
824 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Double click on the OTL icon to run it.
Copy/paste the entire contents of the codebox below into the Posted Image

Box:

:otl
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVENET.dll -- (ziptoa)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spmd.dll -- (zebrceb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\navapel.dll -- (z525obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btdriver.dll -- (Wtcls2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (WscNetDr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeantispyware.dll -- (wpsdrvnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCDCODEC.dll -- (WINIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVTCP.dll -- (windrvNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfnds.dll -- (win32sl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scarddrv.dll -- (WIBUKEY)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125mgmt.dll -- (websenseuserservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservaz.dll -- (websensepolicyserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SunkFilt.dll -- (w800bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxupnprenderer.dll -- (W700mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wkscfgsrv.dll -- (w39n51)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EpmShd.dll -- (vpctcom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\basic2.dll -- (vpcbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dktknsrv.dll -- (vncmirror)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w3svc.dll -- (vmnetdhcp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNCPKT.dll -- (VirtualFD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (viaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntiopnp.dll -- (vetfddnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caccprovsp.dll -- (VAIOMediaPlatform-PhotoServer-HTTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hsvcmod.dll -- (v2imount)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hclinetd.dll -- (usnsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550bus.dll -- (USBDeviceService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TPwSav.dll -- (us30service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vxd.dll -- (upperdev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvport.dll -- (U81xbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNIPROT5.dll -- (U2SP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmbatt.dll -- (tunnelguardservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\L8042Kbd.dll -- (tosrfec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\modem.dll -- (tfsndrct)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VRADFIL.dll -- (TestHandler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217unic.dll -- (symsecureport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isdrv120.dll -- (SWUMX20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (SWMX00) BLKWGU(Belkin)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vstor2.dll -- (stylexphelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\portio.dll -- (sstpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\egathdrv.dll -- (ssoftservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcomlaunch.dll -- (SrvcEKIOMngr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cercsr6.dll -- (SprintRcAppSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btkrnl.dll -- (speedfan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emitray.dll -- (spbbcsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\senfilt.dll -- (softfax)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iolodmv.dll -- (smrt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siswlsvc.dll -- (siside)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_tdi_f.dll -- (shdserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Invoker.dll -- (sglfb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aksfridge.dll -- (SetupNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GoogleDesktopManager-010708-104812.dll -- (se58mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecnamingservice.dll -- (SE2Cmgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCM43XV.dll -- (SE27bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctdvda2k.dll -- (sdbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aolservice.dll -- (sbhooksvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p17.dll -- (sansaservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bmdfl.dll -- (s616obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\addfiltr.dll -- (S3GIGP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iviregmgr.dll -- (s125mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lcs.dll -- (s116unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pserve.dll -- (s116obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prfldsvc.dll -- (s116bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WGX.dll -- (rxmssync)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\termservice.dll -- (RTSTOR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxwatch9.dll -- (RTL8169)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (rt73)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\maya70docserver.dll -- (RSAFAL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (roxliveshare9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\anio.dll -- (ROOTUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAM1210.dll -- (rampartsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JavaQuickStarterService.dll -- (racsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (qserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raidmsvr.dll -- (qfcoresvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndproxy.dll -- (purendis)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthusb.dll -- (PTDCBus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxbt_device.dll -- (psasrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rsvchost.dll -- (ProcObsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HPFECP20.dll -- (pfmodnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WaveFDE.dll -- (pdlnecfg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\soma.dll -- (pcctlcom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mail2ec.dll -- (parallel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acmservice.dll -- (owstimer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdengine.dll -- (oracleorahometnslistener)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fallback.dll -- (OracleOraHome92ClientCache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdfl.dll -- (oracleorahome90agent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonytvc.dll -- (oraclemtsrecoveryservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w29n51.dll -- (ohci1394)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcSSIOMngr.dll -- (ofcpfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (NWHOST)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\shdserv.dll -- (NVR0FLASHDev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\crcdisk.dll -- (nvata)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll -- (NuidFltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stcagent.dll -- (NSSvcMgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USIUDF.dll -- (nnsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp0.dll -- (NMSSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdm.dll -- (NMSAccessU)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcdonner.dll -- (NeroMediaHomeService.4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hcwPVRP2.dll -- (Ndisipo)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58bus.dll -- (mxserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecpmcommunicationagent.dll -- (mvwebserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igniteservice.exe.dll -- (mssqlserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pktfilter.dll -- (mssql$sony_mediamgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s116unic.dll -- (mscsptisrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DSXUSB.dll -- (mhn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sandradatasrv.dll -- (lwwlicenseservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iwebcal.dll -- (lvselsus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EUSBMSD.dll -- (ltck000c)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTHDMIAzAudService.dll -- (lockmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dtscsi.dll -- (LMouKE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\i81x.dll -- (lmimaint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MKEMUSB.dll -- (lhidusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassPeriodicUpdateService.dll -- (l8042pr2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndiscm.dll -- (JGOGO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCASp50.dll -- (issuser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\quickhealfirewall.dll -- (irmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (IPSECSHM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spcsutilityservice.dll -- (iksysflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\knobserv.dll -- (ikfileflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\advservice.dll -- (iftpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cachemgr.dll -- (idechndr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ptilink.dll -- (ICM10USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se27unic.dll -- (icm10blk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ma_cmidi_installerservice.dll -- (ibmpmdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USR1806V.dll -- (iaimfp2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mmc_2K.dll -- (iaimfp1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\yukonwxp.dll -- (iaantmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavsrv.dll -- (HPFECP20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7alrt.dll -- (hpdskflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (HFACSVC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (fshttps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pccsmcfd.dll -- (Freedom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfman.dll -- (filechecker)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032U.dll -- (fgdxbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atfsd.dll -- (fasttrackinstallerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RIOUNIV.dll -- (EU3_USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\incdfs.dll -- (ET5Drv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WMIService.dll -- (elotouchscreen)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cm102u32.dll -- (eloggersvc6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\radclock.dll -- (ELmou)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvserver.dll -- (egathdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_flpy.dll -- (edspport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RivaTuner32.dll -- (dwmrcs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emclisrv.dll -- (dnserver32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvupdtio.dll -- (DMUSBUSBDCam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Alpham1.dll -- (dlaudfam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\apfiltrservice.dll -- (diskeeper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\orbmediaservice.dll -- (dirms_defragmentation)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\superproserver.dll -- (defwatch)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\int15.sys.dll -- (dcstor32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvraid.dll -- (dcpflics)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pctspk.dll -- (DCamUSBSQTECH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\napagent.dll -- (DCamUSBMke2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WavxDMgr.dll -- (DCamUSBGrandTek)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ghostsec.dll -- (cwafadmincontroller)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bt3cusb.dll -- (cvslock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleformsserver-forms60server-oraform.dll -- (CTSBLFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotdriver.dll -- (ctljystk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLAgent$LG_LP2.dll -- (crauto)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sbpci.dll -- (cqmghost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcdbus.dll -- (cpucoolserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TNaviSrv.dll -- (cpqdmi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tangoservice.dll -- (cpqdfw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psasrv.dll -- (cpqarry2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpf4.dll -- (comhost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ser2plms.dll -- (CnxTrUsb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswlsvc.dll -- (ccflic0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (Cam5603D)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCMTPM.dll -- (Cam5603C)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (cachemgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fix.dll -- (BUFADPT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LVCap138.dll -- (btnetfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcmsvc.dll -- (besclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\A88xXBar.dll -- (bdfdll)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enum1394.dll -- (awecho)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsmapip.dll -- (AVRec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CiscoVpnInstallService.dll -- (autostore)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KS0108.dll -- (ATKFUSService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pchost.dll -- (atitool)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmmbd.dll -- (ati)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASMMAP.dll -- (AR5416)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfng32.dll -- (Angel2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmuda.dll -- (amusbprt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W55U01.dll -- (AlteraByteBlaster)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxdmCATSCustConnectService.dll -- (ALABULK)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvspydr2.dll -- (aksusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcj_device.dll -- (Afc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip.dll -- (adpu320)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp2.dll -- (acrsch2svc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndistapi.dll -- ({6080a529-897e-4629-a488-aba0c29b635e})

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
  76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
  65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
  00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
  62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
  49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
  57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
  6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
  61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
  52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
  75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
  63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
  68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
  56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
  73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
  6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
  57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00
:commands
[reboot]

Please close all other programs now.
Then click the Run Fix button at the top.
OTL may ask to reboot the machine. Please do so if asked.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Double click on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review.

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

#12
Teed55

Posted 11 April 2012 - 10:05 PM

New Member

Members
13 posts

Gender:Female

I got the OTL to run, but had problems with Combofix. When I tried to use Combofix it locked up the computer and I had to reboot. I tried to use it a second time and this time it is stuck on the blue text box and says: Combofix preparing to run... Attempting to create a new System Restore point. And it is stuck at this point. I'm not sure what to do now.... Would it be ok to turn it off or reboot the computer? (Having to type this out from my laptop since the desktop comp is locked up.)

#13
Teed55

Posted 12 April 2012 - 09:01 AM

New Member

Members
13 posts

Gender:Female

Be prepared for a lot of work to remove it. Our desktop was completely rebuilt this past fall and we spent a lot of $$$ on it. And even with Malwarebytes, McAfee & PCdoctor.. we still got that virus.

#14
Teed55

Posted 12 April 2012 - 09:17 AM

New Member

Members
13 posts

Gender:Female

Daniel, here is the OTL log:

========== OTL ==========
Service ziptoa stopped successfully!
Service ziptoa deleted successfully!
File %systemroot%\system32\NVENET.dll not found.
Service zebrceb stopped successfully!
Service zebrceb deleted successfully!
File %systemroot%\system32\spmd.dll not found.
Service z525obex stopped successfully!
Service z525obex deleted successfully!
File %systemroot%\system32\navapel.dll not found.
Service Wtcls2k stopped successfully!
Service Wtcls2k deleted successfully!
File %systemroot%\system32\btdriver.dll not found.
Service WscNetDr stopped successfully!
Service WscNetDr deleted successfully!
File %systemroot%\system32\winpower.dll not found.
Service wpsdrvnt stopped successfully!
Service wpsdrvnt deleted successfully!
File %systemroot%\system32\mcafeeantispyware.dll not found.
Service WINIO stopped successfully!
Service WINIO deleted successfully!
File %systemroot%\system32\PCDCODEC.dll not found.
Service windrvNT stopped successfully!
Service windrvNT deleted successfully!
File %systemroot%\system32\NVTCP.dll not found.
Service win32sl stopped successfully!
Service win32sl deleted successfully!
File %systemroot%\system32\tosrfnds.dll not found.
Service WIBUKEY stopped successfully!
Service WIBUKEY deleted successfully!
File %systemroot%\system32\scarddrv.dll not found.
Service websenseuserservice stopped successfully!
Service websenseuserservice deleted successfully!
File %systemroot%\system32\s125mgmt.dll not found.
Service websensepolicyserver stopped successfully!
Service websensepolicyserver deleted successfully!
File %systemroot%\system32\smservaz.dll not found.
Service w800bus stopped successfully!
Service w800bus deleted successfully!
File %systemroot%\system32\SunkFilt.dll not found.
Service W700mdfl stopped successfully!
Service W700mdfl deleted successfully!
File %systemroot%\system32\roxupnprenderer.dll not found.
Service w39n51 stopped successfully!
Service w39n51 deleted successfully!
File %systemroot%\system32\wkscfgsrv.dll not found.
Service vpctcom stopped successfully!
Service vpctcom deleted successfully!
File %systemroot%\system32\EpmShd.dll not found.
Service vpcbus stopped successfully!
Service vpcbus deleted successfully!
File %systemroot%\system32\basic2.dll not found.
Service vncmirror stopped successfully!
Service vncmirror deleted successfully!
File %systemroot%\system32\dktknsrv.dll not found.
Service vmnetdhcp stopped successfully!
Service vmnetdhcp deleted successfully!
File %systemroot%\system32\w3svc.dll not found.
Service VirtualFD stopped successfully!
Service VirtualFD deleted successfully!
File %systemroot%\system32\WNCPKT.dll not found.
Service viaudio stopped successfully!
Service viaudio deleted successfully!
File %systemroot%\system32\carboniteservice.dll not found.
Service vetfddnt stopped successfully!
Service vetfddnt deleted successfully!
File %systemroot%\system32\ntiopnp.dll not found.
Service VAIOMediaPlatform-PhotoServer-HTTP stopped successfully!
Service VAIOMediaPlatform-PhotoServer-HTTP deleted successfully!
File %systemroot%\system32\caccprovsp.dll not found.
Service v2imount stopped successfully!
Service v2imount deleted successfully!
File %systemroot%\system32\hsvcmod.dll not found.
Service usnsvc stopped successfully!
Service usnsvc deleted successfully!
File %systemroot%\system32\hclinetd.dll not found.
Service USBDeviceService stopped successfully!
Service USBDeviceService deleted successfully!
File %systemroot%\system32\w550bus.dll not found.
Service us30service stopped successfully!
Service us30service deleted successfully!
File %systemroot%\system32\TPwSav.dll not found.
Service upperdev stopped successfully!
Service upperdev deleted successfully!
File %systemroot%\system32\vxd.dll not found.
Service U81xbus stopped successfully!
Service U81xbus deleted successfully!
File %systemroot%\system32\nvport.dll not found.
Service U2SP stopped successfully!
Service U2SP deleted successfully!
File %systemroot%\system32\WNIPROT5.dll not found.
Service tunnelguardservice stopped successfully!
Service tunnelguardservice deleted successfully!
File %systemroot%\system32\cmbatt.dll not found.
Service tosrfec stopped successfully!
Service tosrfec deleted successfully!
File %systemroot%\system32\L8042Kbd.dll not found.
Service tfsndrct stopped successfully!
Service tfsndrct deleted successfully!
File %systemroot%\system32\modem.dll not found.
Service TestHandler stopped successfully!
Service TestHandler deleted successfully!
File %systemroot%\system32\VRADFIL.dll not found.
Service symsecureport stopped successfully!
Service symsecureport deleted successfully!
File %systemroot%\system32\s217unic.dll not found.
Service SWUMX20 stopped successfully!
Service SWUMX20 deleted successfully!
File %systemroot%\system32\isdrv120.dll not found.
Error: No service named SWMX00) BLKWGU(Belkin was found to stop!
Service\Driver key SWMX00) BLKWGU(Belkin not found.
File %systemroot%\system32\nmwcdc.dll not found.
Service stylexphelper stopped successfully!
Service stylexphelper deleted successfully!
File %systemroot%\system32\vstor2.dll not found.
Service sstpsvc stopped successfully!
Service sstpsvc deleted successfully!
File %systemroot%\system32\portio.dll not found.
Service ssoftservice stopped successfully!
Service ssoftservice deleted successfully!
File %systemroot%\system32\egathdrv.dll not found.
Service SrvcEKIOMngr stopped successfully!
Service SrvcEKIOMngr deleted successfully!
File %systemroot%\system32\dcomlaunch.dll not found.
Service SprintRcAppSvc stopped successfully!
Service SprintRcAppSvc deleted successfully!
File %systemroot%\system32\cercsr6.dll not found.
Service speedfan stopped successfully!
Service speedfan deleted successfully!
File %systemroot%\system32\btkrnl.dll not found.
Service spbbcsvc stopped successfully!
Service spbbcsvc deleted successfully!
File %systemroot%\system32\emitray.dll not found.
Service softfax stopped successfully!
Service softfax deleted successfully!
File %systemroot%\system32\senfilt.dll not found.
Service smrt stopped successfully!
Service smrt deleted successfully!
File %systemroot%\system32\iolodmv.dll not found.
Service siside stopped successfully!
Service siside deleted successfully!
File %systemroot%\system32\siswlsvc.dll not found.
Service shdserv stopped successfully!
Service shdserv deleted successfully!
File %systemroot%\system32\bc_tdi_f.dll not found.
Service sglfb stopped successfully!
Service sglfb deleted successfully!
File %systemroot%\system32\Invoker.dll not found.
Service SetupNT stopped successfully!
Service SetupNT deleted successfully!
File %systemroot%\system32\aksfridge.dll not found.
Service se58mdm stopped successfully!
Service se58mdm deleted successfully!
File %systemroot%\system32\GoogleDesktopManager-010708-104812.dll not found.
Service SE2Cmgmt stopped successfully!
Service SE2Cmgmt deleted successfully!
File %systemroot%\system32\backupexecnamingservice.dll not found.
Service SE27bus stopped successfully!
Service SE27bus deleted successfully!
File %systemroot%\system32\BCM43XV.dll not found.
Service sdbus stopped successfully!
Service sdbus deleted successfully!
File %systemroot%\system32\ctdvda2k.dll not found.
Service sbhooksvc stopped successfully!
Service sbhooksvc deleted successfully!
File %systemroot%\system32\aolservice.dll not found.
Service sansaservice stopped successfully!
Service sansaservice deleted successfully!
File %systemroot%\system32\p17.dll not found.
Service s616obex stopped successfully!
Service s616obex deleted successfully!
File %systemroot%\system32\SE2Bmdfl.dll not found.
Service S3GIGP stopped successfully!
Service S3GIGP deleted successfully!
File %systemroot%\system32\addfiltr.dll not found.
Service s125mdm stopped successfully!
Service s125mdm deleted successfully!
File %systemroot%\system32\iviregmgr.dll not found.
Service s116unic stopped successfully!
Service s116unic deleted successfully!
File %systemroot%\system32\lcs.dll not found.
Service s116obex stopped successfully!
Service s116obex deleted successfully!
File %systemroot%\system32\pserve.dll not found.
Service s116bus stopped successfully!
Service s116bus deleted successfully!
File %systemroot%\system32\prfldsvc.dll not found.
Service rxmssync stopped successfully!
Service rxmssync deleted successfully!
File %systemroot%\system32\WGX.dll not found.
Service RTSTOR stopped successfully!
Service RTSTOR deleted successfully!
File %systemroot%\system32\termservice.dll not found.
Service RTL8169 stopped successfully!
Service RTL8169 deleted successfully!
File %systemroot%\system32\roxwatch9.dll not found.
Service rt73 stopped successfully!
Service rt73 deleted successfully!
File %systemroot%\system32\WD_FireWire_HID.dll not found.
Service RSAFAL stopped successfully!
Service RSAFAL deleted successfully!
File %systemroot%\system32\maya70docserver.dll not found.
Service roxliveshare9 stopped successfully!
Service roxliveshare9 deleted successfully!
File %systemroot%\system32\tvs.dll not found.
Service ROOTUSB stopped successfully!
Service ROOTUSB deleted successfully!
File %systemroot%\system32\anio.dll not found.
Service rampartsvc stopped successfully!
Service rampartsvc deleted successfully!
File %systemroot%\system32\CAM1210.dll not found.
Service racsvc stopped successfully!
Service racsvc deleted successfully!
File %systemroot%\system32\JavaQuickStarterService.dll not found.
Service qserver stopped successfully!
Service qserver deleted successfully!
File %systemroot%\system32\dlacdbhm.dll not found.
Service qfcoresvc stopped successfully!
Service qfcoresvc deleted successfully!
File %systemroot%\system32\raidmsvr.dll not found.
Service purendis stopped successfully!
Service purendis deleted successfully!
File %systemroot%\system32\ndproxy.dll not found.
Service PTDCBus stopped successfully!
Service PTDCBus deleted successfully!
File %systemroot%\system32\bthusb.dll not found.
Service psasrv stopped successfully!
Service psasrv deleted successfully!
File %systemroot%\system32\lxbt_device.dll not found.
Service ProcObsrv stopped successfully!
Service ProcObsrv deleted successfully!
File %systemroot%\system32\rsvchost.dll not found.
Service pfmodnt stopped successfully!
Service pfmodnt deleted successfully!
File %systemroot%\system32\HPFECP20.dll not found.
Service pdlnecfg stopped successfully!
Service pdlnecfg deleted successfully!
File %systemroot%\system32\WaveFDE.dll not found.
Service pcctlcom stopped successfully!
Service pcctlcom deleted successfully!
File %systemroot%\system32\soma.dll not found.
Service parallel stopped successfully!
Service parallel deleted successfully!
File %systemroot%\system32\mail2ec.dll not found.
Service owstimer stopped successfully!
Service owstimer deleted successfully!
File %systemroot%\system32\acmservice.dll not found.
Service oracleorahometnslistener stopped successfully!
Service oracleorahometnslistener deleted successfully!
File %systemroot%\system32\pdengine.dll not found.
Service OracleOraHome92ClientCache stopped successfully!
Service OracleOraHome92ClientCache deleted successfully!
File %systemroot%\system32\fallback.dll not found.
Service oracleorahome90agent stopped successfully!
Service oracleorahome90agent deleted successfully!
File %systemroot%\system32\SE2Cmdfl.dll not found.
Service oraclemtsrecoveryservice stopped successfully!
Service oraclemtsrecoveryservice deleted successfully!
File %systemroot%\system32\sonytvc.dll not found.
Service ohci1394 stopped successfully!
Service ohci1394 deleted successfully!
File %systemroot%\system32\w29n51.dll not found.
Service ofcpfwsvc stopped successfully!
Service ofcpfwsvc deleted successfully!
File %systemroot%\system32\SrvcSSIOMngr.dll not found.
Service NWHOST stopped successfully!
Service NWHOST deleted successfully!
File %systemroot%\system32\zpjava.dll not found.
Service NVR0FLASHDev stopped successfully!
Service NVR0FLASHDev deleted successfully!
File %systemroot%\system32\shdserv.dll not found.
Service nvata stopped successfully!
Service nvata deleted successfully!
File %systemroot%\system32\crcdisk.dll not found.
Service NuidFltr stopped successfully!
Service NuidFltr deleted successfully!
File %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll not found.
Service NSSvcMgr stopped successfully!
Service NSSvcMgr deleted successfully!
File %systemroot%\system32\stcagent.dll not found.
Service nnsvc stopped successfully!
Service nnsvc deleted successfully!
File %systemroot%\system32\USIUDF.dll not found.
Service NMSSvc stopped successfully!
Service NMSSvc deleted successfully!
File %systemroot%\system32\iaimfp0.dll not found.
Service NMSAccessU stopped successfully!
Service NMSAccessU deleted successfully!
File %systemroot%\system32\SE2Cmdm.dll not found.
Service NeroMediaHomeService.4 stopped successfully!
Service NeroMediaHomeService.4 deleted successfully!
File %systemroot%\system32\qcdonner.dll not found.
Service Ndisipo stopped successfully!
Service Ndisipo deleted successfully!
File %systemroot%\system32\hcwPVRP2.dll not found.
Service mxserver stopped successfully!
Service mxserver deleted successfully!
File %systemroot%\system32\se58bus.dll not found.
Service mvwebserver stopped successfully!
Service mvwebserver deleted successfully!
File %systemroot%\system32\websensecpmcommunicationagent.dll not found.
Service mssqlserver stopped successfully!
Service mssqlserver deleted successfully!
File %systemroot%\system32\igniteservice.exe.dll not found.
Service mssql$sony_mediamgr stopped successfully!
Service mssql$sony_mediamgr deleted successfully!
File %systemroot%\system32\pktfilter.dll not found.
Service mscsptisrv stopped successfully!
Service mscsptisrv deleted successfully!
File %systemroot%\system32\s116unic.dll not found.
Service mhn stopped successfully!
Service mhn deleted successfully!
File %systemroot%\system32\DSXUSB.dll not found.
Service lwwlicenseservice stopped successfully!
Service lwwlicenseservice deleted successfully!
File %systemroot%\system32\sandradatasrv.dll not found.
Service lvselsus stopped successfully!
Service lvselsus deleted successfully!
File %systemroot%\system32\iwebcal.dll not found.
Service ltck000c stopped successfully!
Service ltck000c deleted successfully!
File %systemroot%\system32\EUSBMSD.dll not found.
Service lockmgr stopped successfully!
Service lockmgr deleted successfully!
File %systemroot%\system32\RTHDMIAzAudService.dll not found.
Service LMouKE stopped successfully!
Service LMouKE deleted successfully!
File %systemroot%\system32\dtscsi.dll not found.
Service lmimaint stopped successfully!
Service lmimaint deleted successfully!
File %systemroot%\system32\i81x.dll not found.
Service lhidusb stopped successfully!
Service lhidusb deleted successfully!
File %systemroot%\system32\MKEMUSB.dll not found.
Service l8042pr2 stopped successfully!
Service l8042pr2 deleted successfully!
File %systemroot%\system32\iPassPeriodicUpdateService.dll not found.
Service JGOGO stopped successfully!
Service JGOGO deleted successfully!
File %systemroot%\system32\ndiscm.dll not found.
Service issuser stopped successfully!
Service issuser deleted successfully!
File %systemroot%\system32\PCASp50.dll not found.
Service irmon stopped successfully!
Service irmon deleted successfully!
File %systemroot%\system32\quickhealfirewall.dll not found.
Service IPSECSHM stopped successfully!
Service IPSECSHM deleted successfully!
File %systemroot%\system32\backupexecjobengine.dll not found.
Service iksysflt stopped successfully!
Service iksysflt deleted successfully!
File %systemroot%\system32\spcsutilityservice.dll not found.
Service ikfileflt stopped successfully!
Service ikfileflt deleted successfully!
File %systemroot%\system32\knobserv.dll not found.
Service iftpsvc stopped successfully!
Service iftpsvc deleted successfully!
File %systemroot%\system32\advservice.dll not found.
Service idechndr stopped successfully!
Service idechndr deleted successfully!
File %systemroot%\system32\cachemgr.dll not found.
Service ICM10USB stopped successfully!
Service ICM10USB deleted successfully!
File %systemroot%\system32\ptilink.dll not found.
Service icm10blk stopped successfully!
Service icm10blk deleted successfully!
File %systemroot%\system32\se27unic.dll not found.
Service ibmpmdrv stopped successfully!
Service ibmpmdrv deleted successfully!
File %systemroot%\system32\ma_cmidi_installerservice.dll not found.
Service iaimfp2 stopped successfully!
Service iaimfp2 deleted successfully!
File %systemroot%\system32\USR1806V.dll not found.
Service iaimfp1 stopped successfully!
Service iaimfp1 deleted successfully!
File %systemroot%\system32\mmc_2K.dll not found.
Service iaantmon stopped successfully!
Service iaantmon deleted successfully!
File %systemroot%\system32\yukonwxp.dll not found.
Service HPFECP20 stopped successfully!
Service HPFECP20 deleted successfully!
File %systemroot%\system32\pavsrv.dll not found.
Service hpdskflt stopped successfully!
Service hpdskflt deleted successfully!
File %systemroot%\system32\avg7alrt.dll not found.
Service HFACSVC stopped successfully!
Service HFACSVC deleted successfully!
File %systemroot%\system32\kpfwsvc.dll not found.
Service fshttps stopped successfully!
Service fshttps deleted successfully!
File %systemroot%\system32\symc8xx.dll not found.
Service Freedom stopped successfully!
Service Freedom deleted successfully!
File %systemroot%\system32\pccsmcfd.dll not found.
Service filechecker stopped successfully!
Service filechecker deleted successfully!
File %systemroot%\system32\sfman.dll not found.
Service fgdxbus stopped successfully!
Service fgdxbus deleted successfully!
File %systemroot%\system32\MA8032U.dll not found.
Service fasttrackinstallerservice stopped successfully!
Service fasttrackinstallerservice deleted successfully!
File %systemroot%\system32\atfsd.dll not found.
Service EU3_USB stopped successfully!
Service EU3_USB deleted successfully!
File %systemroot%\system32\RIOUNIV.dll not found.
Service ET5Drv stopped successfully!
Service ET5Drv deleted successfully!
File %systemroot%\system32\incdfs.dll not found.
Service elotouchscreen stopped successfully!
Service elotouchscreen deleted successfully!
File %systemroot%\system32\WMIService.dll not found.
Service eloggersvc6 stopped successfully!
Service eloggersvc6 deleted successfully!
File %systemroot%\system32\cm102u32.dll not found.
Service ELmou stopped successfully!
Service ELmou deleted successfully!
File %systemroot%\system32\radclock.dll not found.
Service egathdrv stopped successfully!
Service egathdrv deleted successfully!
File %systemroot%\system32\mvserver.dll not found.
Service edspport stopped successfully!
Service edspport deleted successfully!
File %systemroot%\system32\ino_flpy.dll not found.
Service dwmrcs stopped successfully!
Service dwmrcs deleted successfully!
File %systemroot%\system32\RivaTuner32.dll not found.
Service dnserver32 stopped successfully!
Service dnserver32 deleted successfully!
File %systemroot%\system32\emclisrv.dll not found.
Service DMUSBUSBDCam stopped successfully!
Service DMUSBUSBDCam deleted successfully!
File %systemroot%\system32\lvupdtio.dll not found.
Service dlaudfam stopped successfully!
Service dlaudfam deleted successfully!
File %systemroot%\system32\Alpham1.dll not found.
Service diskeeper stopped successfully!
Service diskeeper deleted successfully!
File %systemroot%\system32\apfiltrservice.dll not found.
Service dirms_defragmentation stopped successfully!
Service dirms_defragmentation deleted successfully!
File %systemroot%\system32\orbmediaservice.dll not found.
Service defwatch stopped successfully!
Service defwatch deleted successfully!
File %systemroot%\system32\superproserver.dll not found.
Service dcstor32 stopped successfully!
Service dcstor32 deleted successfully!
File %systemroot%\system32\int15.sys.dll not found.
Service dcpflics stopped successfully!
Service dcpflics deleted successfully!
File %systemroot%\system32\nvraid.dll not found.
Service DCamUSBSQTECH stopped successfully!
Service DCamUSBSQTECH deleted successfully!
File %systemroot%\system32\Pctspk.dll not found.
Service DCamUSBMke2 stopped successfully!
Service DCamUSBMke2 deleted successfully!
File %systemroot%\system32\napagent.dll not found.
Service DCamUSBGrandTek stopped successfully!
Service DCamUSBGrandTek deleted successfully!
File %systemroot%\system32\WavxDMgr.dll not found.
Service cwafadmincontroller stopped successfully!
Service cwafadmincontroller deleted successfully!
File %systemroot%\system32\ghostsec.dll not found.
Service cvslock stopped successfully!
Service cvslock deleted successfully!
File %systemroot%\system32\bt3cusb.dll not found.
Service CTSBLFX.DLL stopped successfully!
Service CTSBLFX.DLL deleted successfully!
File %systemroot%\system32\oracleformsserver-forms60server-oraform.dll not found.
Service ctljystk stopped successfully!
Service ctljystk deleted successfully!
File %systemroot%\system32\symantecantibotdriver.dll not found.
Service crauto stopped successfully!
Service crauto deleted successfully!
File %systemroot%\system32\SQLAgent$LG_LP2.dll not found.
Service cqmghost stopped successfully!
Service cqmghost deleted successfully!
File %systemroot%\system32\sbpci.dll not found.
Service cpucoolserver stopped successfully!
Service cpucoolserver deleted successfully!
File %systemroot%\system32\mcdbus.dll not found.
Service cpqdmi stopped successfully!
Service cpqdmi deleted successfully!
File %systemroot%\system32\TNaviSrv.dll not found.
Service cpqdfw stopped successfully!
Service cpqdfw deleted successfully!
File %systemroot%\system32\tangoservice.dll not found.
Service cpqarry2 stopped successfully!
Service cpqarry2 deleted successfully!
File %systemroot%\system32\psasrv.dll not found.
Service comhost stopped successfully!
Service comhost deleted successfully!
File %systemroot%\system32\kpf4.dll not found.
Service CnxTrUsb stopped successfully!
Service CnxTrUsb deleted successfully!
File %systemroot%\system32\ser2plms.dll not found.
Service ccflic0 stopped successfully!
Service ccflic0 deleted successfully!
File %systemroot%\system32\aswlsvc.dll not found.
Service Cam5603D stopped successfully!
Service Cam5603D deleted successfully!
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\MA8032M.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service Cam5603C stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service Cam5603C deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\BCMTPM.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service cachemgr stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service cachemgr deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\trlokom_rmhsvc.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service BUFADPT stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service BUFADPT deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\fix.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service btnetfilter stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service btnetfilter deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\LVCap138.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service besclient stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service besclient deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\npkcmsvc.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service bdfdll stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service bdfdll deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\A88xXBar.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service awecho stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service awecho deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\enum1394.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service AVRec stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service AVRec deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\tsmapip.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service autostore stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service autostore deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\CiscoVpnInstallService.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service ATKFUSService stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service ATKFUSService deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\KS0108.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service atitool stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service atitool deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\pchost.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service ati stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service ati deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\tmmbd.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service AR5416 stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service AR5416 deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\ASMMAP.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service Angel2 stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service Angel2 deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\sfng32.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service amusbprt stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service amusbprt deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\cmuda.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service AlteraByteBlaster stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service AlteraByteBlaster deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\W55U01.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service ALABULK stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service ALABULK deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\lxdmCATSCustConnectService.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service aksusb stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service aksusb deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\cvspydr2.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service Afc stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service Afc deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\lxcj_device.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service adpu320 stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service adpu320 deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\tcpip.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service acrsch2svc stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service acrsch2svc deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\iaimfp2.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service {6080a529-897e-4629-a488-aba0c29b635e} stopped successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]Service {6080a529-897e-4629-a488-aba0c29b635e} deleted successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]File %systemroot%\system32\ndistapi.dll not found.[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]========== REGISTRY ==========[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\"netsvcs"|hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00 /E : value set successfully![/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]========== COMMANDS ==========[/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"] [/color][/size][/font]
[font="Calibri"][size="3"][color="#000000"]OTL by OldTimer - Version 3.2.39.2 log created on 04112012_172523[/color][/size][/font]

__________________________________________________________

But I was not able to run the Combofix.exe.... I'm not sure what went wrong with it.

#15
Larusso

Posted 12 April 2012 - 11:43 AM

Selecta Jahrusso

Experts
824 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Lets try a different way to run CF.
Please press the Posted Image

+ R Key and Copy/Paste the following single-line command into the Run box and click OK

Combofix /nombr

Let me know if it runs now

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

#16
Teed55

Posted 12 April 2012 - 11:27 PM

New Member

Members
13 posts

Gender:Female

Still didn't work. It will get to the part where the blue text box is up and will get stuck on "Attempting to create a System Restore point" and won't do anything else.

#17
Larusso

Posted 13 April 2012 - 12:48 AM

Selecta Jahrusso

Experts
824 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Please run OTL.exe.

Under the box paste this in

netsvcs
/md5start
ipsec.sys
/md5stop

Make sure all other windows are closed to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will create a logfile ( OTL.txt ). This is saved in the same location as OTL.

Please post this in your next reply.

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

#18
Teed55

Posted 13 April 2012 - 10:02 PM

New Member

Members
13 posts

Gender:Female

OTL logfile created on: 4/13/2012 10:15:13 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\John & Wendy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 67.94% Memory free
5.33 Gb Paging File | 4.30 Gb Available in Paging File | 80.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 436.71 Gb Free Space | 93.76% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-1 | User Name: John & Wendy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/02/24 10:36:06 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/03/25 12:02:16 | 000,611,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2010/01/21 17:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2010/01/21 17:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 17:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/06/03 17:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2008/04/13 20:12:36 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/08 00:55:02 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2005/07/08 00:55:00 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/12/05 16:41:44 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/12 10:42:38 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/11 20:02:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
MOD - [2012/04/11 20:02:35 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/11 20:02:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/11 20:02:12 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/11 20:01:00 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/04 22:49:18 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/04/04 22:36:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/04/04 22:36:42 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/04/04 22:35:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/04 22:35:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/04 22:35:28 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/24 10:36:02 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2012/02/24 10:35:44 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2012/02/17 15:08:16 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools Security\BDT\BSPatch.dll
MOD - [2011/10/16 15:49:04 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2009/09/29 23:33:08 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 20:12:36 | 000,050,688 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\smss.exe
MOD - [2008/04/13 20:12:36 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
MOD - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\icraplus.dll
MOD - [2008/04/13 20:12:04 | 000,064,000 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\SAMLIB.dll
MOD - [2008/04/13 20:12:02 | 000,118,784 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\NTMARTA.DLL
MOD - [2008/04/13 13:39:24 | 002,897,920 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\xpsp2res.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (SWMX00) BLKWGU(Belkin)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nHancer.dll -- (snoopfree)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc810.dll -- (se58nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wdmaud.dll -- (plsremotesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\issuser.dll -- (pctavsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmtdi.dll -- (dlartl_n)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwrdr.dll -- (DevUpper)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (CX88AUD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\keymaestro.dll -- (blueletaudio)
SRV - [2012/04/04 22:56:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/24 10:37:08 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/02/24 10:31:08 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/02/24 09:16:10 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/02/24 09:16:10 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/02/24 09:16:10 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/10/15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 14:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/10/15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/10/15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/05/10 05:41:30 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/01/29 02:31:44 | 005,884,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/01/18 17:50:10 | 000,235,520 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/01/07 00:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/11/17 19:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 19:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/08/03 22:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/05 22:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/24 09:16:20 | 000,114,304 | R--- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2009/06/05 03:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {F3DD5844-48DB-43B0-9600-5B21935B5A5A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...67-E05BD61C464A
IE - HKCU\..\SearchScopes\{F3DD5844-48DB-43B0-9600-5B21935B5A5A}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/03/31 14:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/04/13 22:15:17 | 000,000,000 | ---D | M]

[2011/02/24 20:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John & Wendy\Application Data\Mozilla\Extensions

Hosts file not found
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111224173650.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ApproveItForOfficeSetup] " /1 /P "C:\PROGRAM FILES\APPROVEIT\" File not found
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1294364092906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1599609C-7DBD-4A97-830C-5413467F8C76}: DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/06 20:06:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: mcusrmgr - File not found
NetSvcs: avcgbdr - File not found
NetSvcs: streamloadservice - File not found
NetSvcs: nvidesm - File not found
NetSvcs: QWAVEDRV - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 22:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/04/12 13:11:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/12 13:07:52 | 004,460,173 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe
[2012/04/11 17:25:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/11 17:23:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/09 22:27:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe
[2012/04/09 11:44:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/09 11:42:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/09 11:42:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/09 11:42:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/09 11:42:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/09 11:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/09 11:41:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 11:25:44 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys
[2012/04/09 11:25:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/08 12:27:43 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe
[2012/04/06 23:19:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John & Wendy\Start Menu\Programs\Administrative Tools
[2012/04/06 13:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\LogMeIn Hamachi
[2012/04/06 12:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2012/04/04 22:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\PCHealth
[2012/04/04 21:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/04 17:51:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/04/04 17:51:22 | 000,000,000 | ---D | C] -- C:\6802ba65daf0b3e792
[2012/04/04 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/04/04 17:39:15 | 000,000,000 | ---D | C] -- C:\Firefox
[2012/04/04 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/04 17:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/04/04 16:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Minecraft
[2012/04/02 18:00:42 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/04/02 18:00:42 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/04/02 18:00:42 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/03/31 15:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2012/03/31 15:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/03/31 15:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/03/31 15:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/03/31 14:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/31 14:56:53 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/03/31 14:55:51 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/03/31 14:55:51 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/03/31 14:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/13 22:17:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\icraplus.dll
[2012/04/13 22:14:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/13 22:12:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/13 22:11:39 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/13 22:11:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/13 22:11:26 | 000,754,927 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/04/12 13:07:52 | 004,460,173 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe
[2012/04/12 12:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/12 12:45:04 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx
[2012/04/12 10:46:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/04/12 10:14:10 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Microsoft Office Word 2007.lnk
[2012/04/11 20:01:12 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 20:01:12 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 18:01:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Google Chrome.lnk
[2012/04/11 17:16:01 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/09 22:57:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe
[2012/04/09 11:44:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/09 11:25:44 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys
[2012/04/09 11:22:48 | 002,052,384 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip
[2012/04/08 12:27:43 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe
[2012/04/06 13:18:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/04/06 08:52:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/04/05 00:52:03 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/04 22:40:07 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/04 19:28:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/01 22:14:53 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2012/03/31 14:55:51 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\WINDOWS\System32\cwbrxd.dll
[2012/04/11 18:01:37 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\Google Chrome.lnk
[2012/04/09 22:23:11 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/09 12:04:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/09 11:44:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/09 11:44:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/09 11:42:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/09 11:42:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/09 11:42:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/09 11:42:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/09 11:42:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/09 11:22:47 | 002,052,384 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip
[2012/04/04 22:56:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/04 19:28:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/04 19:28:30 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/04/02 18:31:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 15:00:12 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/31 14:55:51 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0349.old
[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/12/11 20:16:00 | 000,011,716 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\54e0w245m2huy6u70n6ac
[2011/12/10 21:02:54 | 000,013,192 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\238265v6n322a423v050j2plu8g0
[2011/08/20 10:13:21 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/20 09:53:15 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/20 09:53:13 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/20 09:53:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/11 12:57:45 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/11 17:52:26 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/09 16:32:24 | 000,000,281 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2011/01/09 15:40:35 | 000,019,752 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2011/01/09 15:40:35 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2011/01/09 15:40:25 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2011/01/09 15:40:17 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2011/01/07 15:21:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/01/06 23:30:53 | 000,870,560 | R--- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011/01/06 23:30:53 | 000,127,868 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011/01/06 23:30:53 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/01/06 23:30:53 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/01/06 23:15:34 | 000,011,448 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2011/01/06 23:14:14 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/01/06 23:14:14 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/01/06 23:14:13 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/01/06 23:14:13 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/01/06 21:57:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/01/06 20:28:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/01/06 20:26:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/01/06 20:26:06 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/01/06 20:26:02 | 000,032,613 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/01/06 20:26:02 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/01/06 20:07:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/06 20:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/06 11:56:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/06 11:55:23 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/31 10:47:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2012/04/04 17:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/02/09 21:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/04/06 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2011/12/11 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2011/01/09 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/12/20 11:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\PureEdge
[2011/08/20 10:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\SPORE
[2011/01/09 16:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\Western Digital

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: IPSEC.SYS >
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ERDNT\cache\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/04 02:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >
OTL log:

#19
Larusso

Posted 14 April 2012 - 02:07 PM

Selecta Jahrusso

Experts
824 posts

Gender:Male
Location:Austria
Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Hy there
How is your system behaving now ?

regards, Daniel
Posted Image

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please

#20
Teed55

Posted 25 April 2012 - 09:32 AM

New Member

Members
13 posts

Gender:Female

Sorry, things got very busy here. I'm not sure what happened or what I did...but now the computer won't access the internet. When I try to run the update (it is up to date) on Malwarebytes I get the PROGRAM_ERROR_UPDATING (0,0, Host not found). I'm using my laptop to post this, not sure what to do now on the desktop.

Back to Resolved HijackThis Logs · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Malwarebytes

Need Help Ridding Zeroaccess Virus

#1
Teed55

Posted 06 April 2012 - 09:53 PM

#2
Larusso

Posted 06 April 2012 - 11:05 PM

#3
Teed55

Posted 06 April 2012 - 11:28 PM

#4
Larusso

Posted 07 April 2012 - 09:26 AM

#5
Teed55

Posted 08 April 2012 - 11:35 AM

#6
Larusso

Posted 08 April 2012 - 02:46 PM

#7
Teed55

Posted 09 April 2012 - 11:20 AM

#8
Larusso

Posted 09 April 2012 - 12:48 PM

#9
Teed55

Posted 09 April 2012 - 09:52 PM

#10
Teed55

Posted 09 April 2012 - 09:53 PM

#11
Larusso

Posted 09 April 2012 - 11:25 PM

#12
Teed55

Posted 11 April 2012 - 10:05 PM

#13
Teed55

Posted 12 April 2012 - 09:01 AM

#14
Teed55

Posted 12 April 2012 - 09:17 AM

#15
Larusso

Posted 12 April 2012 - 11:43 AM

#16
Teed55

Posted 12 April 2012 - 11:27 PM

#17
Larusso

Posted 13 April 2012 - 12:48 AM

#18
Teed55

Posted 13 April 2012 - 10:02 PM

#19
Larusso

Posted 14 April 2012 - 02:07 PM

#20
Teed55

Posted 25 April 2012 - 09:32 AM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

Malwarebytes

Need Help Ridding Zeroaccess Virus

#1 Teed55 Posted 06 April 2012 - 09:53 PM

#2 Larusso Posted 06 April 2012 - 11:05 PM

#3 Teed55 Posted 06 April 2012 - 11:28 PM

#4 Larusso Posted 07 April 2012 - 09:26 AM

#5 Teed55 Posted 08 April 2012 - 11:35 AM

#6 Larusso Posted 08 April 2012 - 02:46 PM

#7 Teed55 Posted 09 April 2012 - 11:20 AM

#8 Larusso Posted 09 April 2012 - 12:48 PM

#9 Teed55 Posted 09 April 2012 - 09:52 PM

#10 Teed55 Posted 09 April 2012 - 09:53 PM

#11 Larusso Posted 09 April 2012 - 11:25 PM

#12 Teed55 Posted 11 April 2012 - 10:05 PM

#13 Teed55 Posted 12 April 2012 - 09:01 AM

#14 Teed55 Posted 12 April 2012 - 09:17 AM

#15 Larusso Posted 12 April 2012 - 11:43 AM

#16 Teed55 Posted 12 April 2012 - 11:27 PM

#17 Larusso Posted 13 April 2012 - 12:48 AM

#18 Teed55 Posted 13 April 2012 - 10:02 PM

#19 Larusso Posted 14 April 2012 - 02:07 PM

#20 Teed55 Posted 25 April 2012 - 09:32 AM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

#1
Teed55

Posted 06 April 2012 - 09:53 PM

#2
Larusso

Posted 06 April 2012 - 11:05 PM

#3
Teed55

Posted 06 April 2012 - 11:28 PM

#4
Larusso

Posted 07 April 2012 - 09:26 AM

#5
Teed55

Posted 08 April 2012 - 11:35 AM

#6
Larusso

Posted 08 April 2012 - 02:46 PM

#7
Teed55

Posted 09 April 2012 - 11:20 AM

#8
Larusso

Posted 09 April 2012 - 12:48 PM

#9
Teed55

Posted 09 April 2012 - 09:52 PM

#10
Teed55

Posted 09 April 2012 - 09:53 PM

#11
Larusso

Posted 09 April 2012 - 11:25 PM

#12
Teed55

Posted 11 April 2012 - 10:05 PM

#13
Teed55

Posted 12 April 2012 - 09:01 AM

#14
Teed55

Posted 12 April 2012 - 09:17 AM

#15
Larusso

Posted 12 April 2012 - 11:43 AM

#16
Teed55

Posted 12 April 2012 - 11:27 PM

#17
Larusso

Posted 13 April 2012 - 12:48 AM

#18
Teed55

Posted 13 April 2012 - 10:02 PM

#19
Larusso

Posted 14 April 2012 - 02:07 PM

#20
Teed55

Posted 25 April 2012 - 09:32 AM