Teed55

Need Help Ridding Zeroaccess Virus

24 posts in this topic

Need help to remove Zeroaccess virus! I’m about to lose my mind & religion over this! We recently moved and just set up the desktop comp that is infected last weekend. Here are the problems:

  1. After logging in at desktop, System32 folder will open up
  2. Get an installed hardware box (have no idea what this is for…)
  3. Internet Explorer will timeout/crash after about 5 minutes or so.
  4. Computer is VERY slow.

This “rebuilt” computer is running Windows XP, Professional version. We did purchase Malwarebytes back around November when we had another virus on it. We also use PC Tools/Spyware Doctor and McAfee Antivirus Plus. Each will catch the virus and stop it, but it’s still here. I’m not all that tech-savvy, but with good instructions I can do what I can to clean up this mess. I’d greatly appreciate the help.


Hi,

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Download DDS and save it to your desktop from here or here

Double click dds to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop and post them in your next reply

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

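A small triage helper for the kind of TDSSKiller log requested above, as an added example that is not part of the original post. It pulls out every service the scan did not mark "ok", together with its image path and any "Forged" hash pair. The line layout is assumed from TDSSKiller 2.7.26.0 output; the function name `triage` is hypothetical, and the sample lines, service names and hashes are constructed.

```python
import re

# Constructed sample in the TDSSKiller log layout: "<time> <thread id> <message>".
# Service names, paths and MD5 values are made up for illustration.
SAMPLE_LOG = r"""
12:00:00.0000 1000 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
12:00:01.0000 2000 Scan started
12:00:02.0000 2000 ExampleSvc (11111111111111111111111111111111) C:\WINDOWS\system32\example.exe
12:00:02.0100 2000 ExampleSvc - ok
12:00:02.0200 2000 NoImage - ok
12:00:03.0000 2000 ExampleDrv (22222222222222222222222222222222) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
12:00:03.0000 2000 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\exampledrv.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
12:00:03.0000 2000 ExampleDrv ( Virus.Win32.ZAccess.k ) - infected
12:00:03.0000 2000 ExampleDrv - detected Virus.Win32.ZAccess.k (0)
12:00:03.0100 2000 Two Word Svc (44444444444444444444444444444444) C:\Program Files\Example\svc.exe
12:00:03.0200 2000 Two Word Svc - ok
"""

MD5 = r"[0-9a-f]{32}"
# Timestamp and thread id, then an optional message (some header lines have none).
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+(?:\s+(?P<msg>.*))?$")
IMAGE = re.compile(rf"^(?P<name>.+?) \((?P<md5>{MD5})\) (?P<path>.+)$")
OK = re.compile(r"^.+ - ok$")
FORGED = re.compile(
    rf"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    rf"Real md5: (?P<real>{MD5}), Fake md5: (?P<fake>{MD5})$"
)
INFECTED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - infected$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")


def triage(log_text):
    """Return the count of 'ok' entries and a list of everything else worth a look."""
    images, forged, verdicts = {}, {}, {}
    ok = 0
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or not line.group("msg"):
            continue  # blank lines (forum pastes are often double-spaced) or empty messages
        msg = line.group("msg").strip()
        if (m := FORGED.match(msg)):
            forged[m["path"].lower()] = {"real_md5": m["real"], "fake_md5": m["fake"]}
        elif (m := INFECTED.match(msg)) or (m := DETECTED.match(msg)):
            verdicts[m["name"]] = m["verdict"].strip()
        elif (m := IMAGE.match(msg)):
            images[m["name"]] = m["path"]
        elif OK.match(msg):
            ok += 1

    findings, claimed = [], set()
    for name, verdict in verdicts.items():
        path = images.get(name)
        key = path.lower() if path else None
        claimed.add(key)
        findings.append(
            {"service": name, "verdict": verdict, "path": path, "forged": forged.get(key)}
        )
    # Forged-file lines that no service verdict refers to are still reported.
    for key, hashes in forged.items():
        if key not in claimed:
            findings.append({"service": None, "verdict": None, "path": key, "forged": hashes})
    return {"ok": ok, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['ok']} entries ok, {len(result['findings'])} flagged")
    for f in result["findings"]:
        print(f["service"], f["verdict"], f["path"], f["forged"])
```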

Daniel, thank you for your help! I did download the dds to my desktop. And double clicked to run it, but the black text box was only up for a couple of seconds. It never created either log.

Do you want me to download the TDSSKiller.exe now?


Yes please. Let's see if it will run.


Daniel, sorry I was away from home yesterday. Just to let you know we do have three users set up for this computer. Here is the copy of the TDS log:

12:27:56.0931 5452 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

12:27:57.0759 5452 ============================================================

12:27:57.0759 5452 Current date / time: 2012/04/08 12:27:57.0759

12:27:57.0759 5452 SystemInfo:

12:27:57.0759 5452

12:27:57.0759 5452 OS Version: 5.1.2600 ServicePack: 3.0

12:27:57.0759 5452 Product type: Workstation

12:27:57.0759 5452 ComputerName: DESKTOP-1

12:27:57.0759 5452 UserName: John & Wendy

12:27:57.0759 5452 Windows directory: C:\WINDOWS

12:27:57.0759 5452 System windows directory: C:\WINDOWS

12:27:57.0759 5452 Processor architecture: Intel x86

12:27:57.0759 5452 Number of processors: 4

12:27:57.0759 5452 Page size: 0x1000

12:27:57.0759 5452 Boot type: Normal boot

12:27:57.0759 5452 ============================================================

12:27:59.0181 5452 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

12:27:59.0212 5452 \Device\Harddisk0\DR0:

12:27:59.0212 5452 MBR used

12:27:59.0212 5452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

12:27:59.0259 5452 Initialize success

12:27:59.0259 5452 ============================================================

12:28:01.0962 6100 ============================================================

12:28:01.0962 6100 Scan started

12:28:01.0962 6100 Mode: Manual;

12:28:01.0962 6100 ============================================================

12:28:08.0900 6100 IPSec (90a9305f8727ddb9d5ea8189b520e463) C:\WINDOWS\system32\DRIVERS\ipsec.sys

12:28:08.0900 6100 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 90a9305f8727ddb9d5ea8189b520e463, Fake md5: 23c74d75e36e7158768dd63d92789a91

12:28:08.0900 6100 IPSec ( Virus.Win32.ZAccess.k ) - infected

12:28:08.0900 6100 IPSec - detected Virus.Win32.ZAccess.k (0)

12:28:08.0900 6100 IPSECSHM - ok


12:28:14.0665 6100 pctplsg - ok

12:28:14.0681 6100 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\WINDOWS\system32\Drivers\PCTSD.sys

12:28:14.0681 6100 PCTSD - ok

12:28:14.0681 6100 PDCOMP - ok

12:28:14.0696 6100 PDFRAME - ok

12:28:14.0696 6100 pdlnecfg - ok

12:28:14.0712 6100 PDRELI - ok

12:28:14.0712 6100 PDRFRAME - ok

12:28:14.0712 6100 perc2 - ok

12:28:14.0728 6100 perc2hib - ok

12:28:14.0759 6100 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

12:28:14.0759 6100 PlugPlay - ok

12:28:14.0790 6100 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe

12:28:14.0837 6100 Pml Driver HPZ12 - ok

12:28:14.0853 6100 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

12:28:14.0853 6100 PolicyAgent - ok

12:28:14.0884 6100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:28:14.0884 6100 PptpMiniport - ok

12:28:14.0900 6100 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

12:28:14.0900 6100 Processor - ok

12:28:14.0915 6100 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:28:14.0915 6100 ProtectedStorage - ok

12:28:14.0915 6100 psasrv - ok

12:28:14.0931 6100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:28:14.0931 6100 PSched - ok

12:28:14.0931 6100 PTDCBus - ok

12:28:14.0946 6100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:28:14.0946 6100 Ptilink - ok

12:28:14.0962 6100 purendis - ok

12:28:14.0962 6100 qfcoresvc - ok

12:28:14.0978 6100 ql1080 - ok

12:28:14.0978 6100 Ql10wnt - ok

12:28:14.0993 6100 ql12160 - ok

12:28:14.0993 6100 ql1240 - ok

12:28:15.0009 6100 ql1280 - ok

12:28:15.0009 6100 qserver - ok

12:28:15.0009 6100 racsvc - ok

12:28:15.0025 6100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:28:15.0040 6100 RasAcd - ok

12:28:15.0103 6100 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

12:28:15.0103 6100 RasAuto - ok

12:28:15.0118 6100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:28:15.0118 6100 Rasl2tp - ok

12:28:15.0134 6100 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

12:28:15.0134 6100 RasMan - ok

12:28:15.0150 6100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:28:15.0150 6100 RasPppoe - ok

12:28:15.0165 6100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:28:15.0165 6100 Raspti - ok

12:28:15.0181 6100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:28:15.0181 6100 Rdbss - ok

12:28:15.0196 6100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:28:15.0196 6100 RDPCDD - ok

12:28:15.0212 6100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:28:15.0212 6100 rdpdr - ok

12:28:15.0259 6100 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

12:28:15.0337 6100 RDPWD - ok

12:28:15.0353 6100 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

12:28:15.0368 6100 RDSessMgr - ok

12:28:15.0384 6100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:28:15.0400 6100 redbook - ok

12:28:15.0431 6100 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

12:28:15.0431 6100 RemoteAccess - ok

12:28:15.0478 6100 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

12:28:15.0478 6100 RemoteRegistry - ok

12:28:15.0478 6100 roxliveshare9 - ok

12:28:15.0509 6100 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe

12:28:15.0509 6100 RpcLocator - ok

12:28:15.0540 6100 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

12:28:15.0556 6100 RpcSs - ok

12:28:15.0556 6100 RSAFAL - ok

12:28:15.0587 6100 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe

12:28:15.0603 6100 RSVP - ok

12:28:15.0603 6100 rt73 - ok

12:28:15.0603 6100 RTL8169 - ok

12:28:15.0634 6100 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

12:28:15.0681 6100 RTLE8023xp - ok

12:28:15.0696 6100 rxmssync - ok

12:28:15.0696 6100 s116bus - ok

12:28:15.0696 6100 s116obex - ok

12:28:15.0712 6100 s116unic - ok

12:28:15.0712 6100 S3GIGP - ok

12:28:15.0728 6100 s616obex - ok

12:28:15.0759 6100 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:28:15.0759 6100 SamSs - ok

12:28:15.0775 6100 sansaservice - ok

12:28:15.0790 6100 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

12:28:15.0790 6100 SCardSvr - ok

12:28:15.0806 6100 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

12:28:15.0806 6100 Schedule - ok

12:28:15.0837 6100 SCR3XX2K (b590c6b740a85130e88d35d007691eb4) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys

12:28:15.0915 6100 SCR3XX2K - ok

12:28:15.0978 6100 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools Security\pctsAuxs.exe

12:28:16.0056 6100 sdAuxService - ok

12:28:16.0071 6100 sdbus - ok

12:28:16.0103 6100 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools Security\pctsSvc.exe

12:28:16.0103 6100 sdCoreService - ok

12:28:16.0103 6100 SE27bus - ok

12:28:16.0118 6100 se58mdm - ok

12:28:16.0134 6100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:28:16.0134 6100 Secdrv - ok

12:28:16.0165 6100 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

12:28:16.0165 6100 seclogon - ok

12:28:16.0181 6100 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

12:28:16.0181 6100 SENS - ok

12:28:16.0196 6100 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:28:16.0196 6100 serenum - ok

12:28:16.0196 6100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

12:28:16.0212 6100 Serial - ok

12:28:16.0212 6100 SetupNT - ok

12:28:16.0228 6100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:28:16.0228 6100 Sfloppy - ok

12:28:16.0275 6100 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

12:28:16.0290 6100 SharedAccess - ok

12:28:16.0290 6100 shdserv - ok

12:28:16.0337 6100 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:28:16.0337 6100 ShellHWDetection - ok

12:28:16.0353 6100 Simbad - ok

12:28:16.0353 6100 siside - ok

12:28:16.0368 6100 smrt - ok

12:28:16.0368 6100 softfax - ok

12:28:16.0384 6100 Sparrow - ok

12:28:16.0384 6100 spbbcsvc - ok

12:28:16.0400 6100 speedfan - ok

12:28:16.0431 6100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:28:16.0446 6100 splitter - ok

12:28:16.0478 6100 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

12:28:16.0525 6100 Spooler - ok

12:28:16.0525 6100 SprintRcAppSvc - ok

12:28:16.0556 6100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:28:16.0556 6100 sr - ok

12:28:16.0603 6100 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll

12:28:16.0618 6100 srservice - ok

12:28:16.0665 6100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

12:28:16.0712 6100 Srv - ok

12:28:16.0759 6100 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

12:28:16.0759 6100 SSDPSRV - ok

12:28:16.0759 6100 ssoftservice - ok

12:28:16.0775 6100 sstpsvc - ok

12:28:16.0821 6100 Steam Client Service - ok

12:28:16.0837 6100 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

12:28:16.0837 6100 stisvc - ok

12:28:16.0868 6100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:28:16.0868 6100 swenum - ok

12:28:16.0915 6100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:28:16.0931 6100 swmidi - ok

12:28:16.0931 6100 SwPrv - ok

12:28:16.0931 6100 SWUMX20 - ok

12:28:16.0946 6100 symc810 - ok

12:28:16.0962 6100 symc8xx - ok

12:28:16.0962 6100 symsecureport - ok

12:28:16.0962 6100 sym_hi - ok

12:28:16.0978 6100 sym_u3 - ok

12:28:16.0993 6100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:28:16.0993 6100 sysaudio - ok

12:28:17.0025 6100 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

12:28:17.0025 6100 SysmonLog - ok

12:28:17.0056 6100 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

12:28:17.0056 6100 TapiSrv - ok

12:28:17.0103 6100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:28:17.0103 6100 Tcpip - ok

12:28:17.0118 6100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:28:17.0134 6100 TDPIPE - ok

12:28:17.0150 6100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:28:17.0150 6100 TDTCP - ok

12:28:17.0181 6100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:28:17.0181 6100 TermDD - ok

12:28:17.0196 6100 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

12:28:17.0212 6100 TermService - ok

12:28:17.0212 6100 TestHandler - ok

12:28:17.0259 6100 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\WINDOWS\system32\drivers\TfFsMon.sys

12:28:17.0306 6100 TfFsMon - ok

12:28:17.0306 6100 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\WINDOWS\system32\drivers\TfNetMon.sys

12:28:17.0384 6100 TfNetMon - ok

12:28:17.0415 6100 tfsndrct - ok

12:28:17.0431 6100 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\WINDOWS\system32\drivers\TfSysMon.sys

12:28:17.0431 6100 TFSysMon - ok

12:28:17.0478 6100 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:28:17.0478 6100 Themes - ok

12:28:17.0556 6100 ThreatFire - ok

12:28:17.0587 6100 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe

12:28:17.0603 6100 TlntSvr - ok

12:28:17.0603 6100 tnidriver - ok

12:28:17.0618 6100 TosIde - ok

12:28:17.0618 6100 tosrfec - ok

12:28:17.0665 6100 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

12:28:17.0665 6100 TrkWks - ok

12:28:17.0681 6100 tvichw32 - ok

12:28:17.0681 6100 U2SP - ok

12:28:17.0728 6100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:28:17.0728 6100 Udfs - ok

12:28:17.0759 6100 ultra - ok

12:28:17.0775 6100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:28:17.0790 6100 Update - ok

12:28:17.0806 6100 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

12:28:17.0821 6100 upnphost - ok

12:28:17.0821 6100 upperdev - ok

12:28:17.0853 6100 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

12:28:17.0853 6100 UPS - ok

12:28:17.0884 6100 us30service - ok

12:28:17.0915 6100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:28:17.0931 6100 usbccgp - ok

12:28:17.0962 6100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:28:17.0962 6100 usbehci - ok

12:28:17.0993 6100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:28:18.0009 6100 usbhub - ok

12:28:18.0056 6100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

12:28:18.0056 6100 usbprint - ok

12:28:18.0103 6100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

12:28:18.0103 6100 usbscan - ok

12:28:18.0134 6100 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:28:18.0134 6100 usbstor - ok

12:28:18.0150 6100 usnsvc - ok

12:28:18.0150 6100 v2imount - ok

12:28:18.0165 6100 VAIOMediaPlatform-PhotoServer-HTTP - ok

12:28:18.0165 6100 vetfddnt - ok

12:28:18.0196 6100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:28:18.0196 6100 VgaSave - ok

12:28:18.0212 6100 ViaIde - ok

12:28:18.0212 6100 viaudio - ok

12:28:18.0228 6100 VirtualFD - ok

12:28:18.0228 6100 vmnetdhcp - ok

12:28:18.0228 6100 vncmirror - ok

12:28:18.0259 6100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:28:18.0259 6100 VolSnap - ok

12:28:18.0259 6100 vpcbus - ok

12:28:18.0306 6100 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

12:28:18.0306 6100 VSS - ok

12:28:18.0337 6100 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll

12:28:18.0353 6100 W32Time - ok

12:28:18.0353 6100 w39n51 - ok

12:28:18.0353 6100 W700mdfl - ok

12:28:18.0368 6100 w800bus - ok

12:28:18.0384 6100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:28:18.0400 6100 Wanarp - ok

12:28:18.0431 6100 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

12:28:18.0493 6100 WDC_SAM - ok

12:28:18.0587 6100 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

12:28:18.0681 6100 WDDMService - ok

12:28:18.0759 6100 WDICA - ok

12:28:18.0775 6100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:28:18.0775 6100 wdmaud - ok

12:28:18.0790 6100 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

12:28:18.0837 6100 WDSmartWareBackgroundService - ok

12:28:18.0868 6100 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

12:28:18.0868 6100 WebClient - ok

12:28:18.0868 6100 websensepolicyserver - ok

12:28:18.0884 6100 websenseuserservice - ok

12:28:18.0884 6100 WIBUKEY - ok

12:28:18.0900 6100 win32sl - ok

12:28:18.0900 6100 windrvNT - ok

12:28:18.0915 6100 WINIO - ok

12:28:18.0946 6100 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

12:28:18.0962 6100 winmgmt - ok

12:28:18.0993 6100 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

12:28:18.0993 6100 WmdmPmSN - ok

12:28:19.0040 6100 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

12:28:19.0040 6100 Wmi - ok

12:28:19.0056 6100 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe

12:28:19.0071 6100 WmiApSrv - ok

12:28:19.0150 6100 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

12:28:19.0165 6100 WMPNetworkSvc - ok

12:28:19.0181 6100 wpsdrvnt - ok

12:28:19.0212 6100 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

12:28:19.0212 6100 WS2IFSL - ok

12:28:19.0259 6100 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

12:28:19.0259 6100 wscsvc - ok

12:28:19.0275 6100 Wtcls2k - ok

12:28:19.0275 6100 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

12:28:19.0290 6100 wuauserv - ok

12:28:19.0321 6100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

12:28:19.0321 6100 WudfPf - ok

12:28:19.0384 6100 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

12:28:19.0400 6100 WudfRd - ok

12:28:19.0446 6100 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

12:28:19.0446 6100 WudfSvc - ok

12:28:19.0493 6100 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

12:28:19.0493 6100 WZCSVC - ok

12:28:19.0540 6100 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

12:28:19.0540 6100 xmlprov - ok

12:28:19.0540 6100 z525obex - ok

12:28:19.0556 6100 zebrceb - ok

12:28:19.0556 6100 ziptoa - ok

12:28:19.0571 6100 {6080a529-897e-4629-a488-aba0c29b635e} - ok

12:28:19.0587 6100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

12:28:19.0759 6100 \Device\Harddisk0\DR0 - ok

12:28:19.0759 6100 Boot (0x1200) (29308bf9cd62c6b903bf327837d16705) \Device\Harddisk0\DR0\Partition0

12:28:19.0759 6100 \Device\Harddisk0\DR0\Partition0 - ok

12:28:19.0759 6100 ============================================================

12:28:19.0759 6100 Scan finished

12:28:19.0759 6100 ============================================================

12:28:19.0759 5220 Detected object count: 1

12:28:19.0759 5220 Actual detected object count: 1

12:29:03.0478 5220 IPSec ( Virus.Win32.ZAccess.k ) - skipped by user

12:29:03.0478 5220 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Skip


Here it is :)

Execute TDSSKiller.exe and press Start Scan.

  • Ensure Cure is selected ( it should be by default )
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed
  • Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC_update.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

cfRC_screen_2.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Daniel, I hope I did this process correctly... It was taking forever to load up Internet Explorer.

Here is the log from TDS:

11:22:57.0046 0844 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

11:22:59.0046 0844 ============================================================

11:22:59.0046 0844 Current date / time: 2012/04/09 11:22:59.0046

11:22:59.0046 0844 SystemInfo:

11:22:59.0046 0844

11:22:59.0046 0844 OS Version: 5.1.2600 ServicePack: 3.0

11:22:59.0046 0844 Product type: Workstation

11:22:59.0046 0844 ComputerName: DESKTOP-1

11:22:59.0046 0844 UserName: John & Wendy

11:22:59.0046 0844 Windows directory: C:\WINDOWS

11:22:59.0046 0844 System windows directory: C:\WINDOWS

11:22:59.0046 0844 Processor architecture: Intel x86

11:22:59.0046 0844 Number of processors: 4

11:22:59.0046 0844 Page size: 0x1000

11:22:59.0046 0844 Boot type: Normal boot

11:22:59.0046 0844 ============================================================

11:23:00.0546 0844 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:23:00.0578 0844 \Device\Harddisk0\DR0:

11:23:00.0578 0844 MBR used

11:23:00.0578 0844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

11:23:00.0593 0844 Initialize success

11:23:00.0593 0844 ============================================================

11:24:52.0171 3592 ============================================================

11:24:52.0171 3592 Scan started

11:24:52.0171 3592 Mode: Manual;

11:24:52.0171 3592 ============================================================


11:24:56.0390 3592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:24:56.0390 3592 Gpc - ok

11:24:56.0500 3592 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

11:24:56.0500 3592 gupdate - ok

11:24:56.0546 3592 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys

11:24:56.0625 3592 hamachi - ok

11:24:56.0703 3592 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

11:24:56.0703 3592 Hamachi2Svc - ok

11:24:56.0765 3592 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:24:56.0781 3592 HDAudBus - ok

11:24:56.0796 3592 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys

11:24:56.0875 3592 HECI - ok

11:24:56.0906 3592 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

11:24:56.0906 3592 helpsvc - ok

11:24:56.0921 3592 HFACSVC - ok

11:24:56.0937 3592 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

11:24:56.0937 3592 HidServ - ok

11:24:56.0968 3592 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:24:56.0968 3592 hidusb - ok

11:24:57.0000 3592 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

11:24:57.0015 3592 hkmsvc - ok

11:24:57.0015 3592 hpdskflt - ok

11:24:57.0031 3592 HPFECP20 - ok

11:24:57.0031 3592 hpn - ok

11:24:57.0062 3592 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

11:24:57.0093 3592 HPZid412 - ok

11:24:57.0109 3592 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

11:24:57.0140 3592 HPZipr12 - ok

11:24:57.0203 3592 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

11:24:57.0234 3592 HPZius12 - ok

11:24:57.0281 3592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

11:24:57.0281 3592 HTTP - ok

11:24:57.0296 3592 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

11:24:57.0296 3592 HTTPFilter - ok

11:24:57.0296 3592 i2omgmt - ok

11:24:57.0312 3592 i2omp - ok

11:24:57.0343 3592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

11:24:57.0359 3592 i8042prt - ok

11:24:57.0359 3592 iaantmon - ok

11:24:57.0359 3592 iaimfp1 - ok

11:24:57.0375 3592 iaimfp2 - ok

11:24:57.0437 3592 ialm (bb7a533765e5578d22c388f2ec828ed6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

11:24:57.0484 3592 ialm - ok

11:24:57.0500 3592 ibmpmdrv - ok

11:24:57.0500 3592 icm10blk - ok

11:24:57.0531 3592 ICM10USB - ok

11:24:57.0546 3592 idechndr - ok

11:24:57.0671 3592 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

11:24:57.0718 3592 IDriverT - ok

11:24:57.0859 3592 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

11:24:57.0921 3592 idsvc - ok

11:24:57.0937 3592 iftpsvc - ok

11:24:57.0953 3592 ikfileflt - ok

11:24:57.0953 3592 iksysflt - ok

11:24:58.0000 3592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:24:58.0000 3592 Imapi - ok

11:24:58.0046 3592 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe

11:24:58.0046 3592 ImapiService - ok

11:24:58.0062 3592 ini910u - ok

11:24:58.0171 3592 IntcAzAudAddService (0c71866e54627717596e58c255815768) C:\WINDOWS\system32\drivers\RtkHDAud.sys

11:24:58.0218 3592 IntcAzAudAddService - ok

11:24:58.0265 3592 IntcDAud (a58a567b601866bee62d8dda78e6e101) C:\WINDOWS\system32\DRIVERS\IntcDAud.sys

11:24:58.0343 3592 IntcDAud - ok

11:24:58.0359 3592 IntelIde - ok

11:24:58.0375 3592 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:24:58.0375 3592 intelppm - ok

11:24:58.0390 3592 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

11:24:58.0406 3592 ip6fw - ok

11:24:58.0421 3592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:24:58.0437 3592 IpFilterDriver - ok

11:24:58.0468 3592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:24:58.0468 3592 IpInIp - ok

11:24:58.0484 3592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:24:58.0500 3592 IpNat - ok

11:24:58.0515 3592 IPSec (90a9305f8727ddb9d5ea8189b520e463) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:24:58.0515 3592 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 90a9305f8727ddb9d5ea8189b520e463, Fake md5: 23c74d75e36e7158768dd63d92789a91

11:24:58.0515 3592 IPSec ( Virus.Win32.ZAccess.k ) - infected

11:24:58.0515 3592 IPSec - detected Virus.Win32.ZAccess.k (0)

11:24:58.0515 3592 IPSECSHM - ok

11:24:58.0562 3592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:24:58.0562 3592 IRENUM - ok

11:24:58.0562 3592 irmon - ok

11:24:58.0609 3592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:24:58.0656 3592 isapnp - ok

11:24:58.0750 3592 issuser - ok

11:24:58.0921 3592 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

11:24:58.0921 3592 JavaQuickStarterService - ok

11:24:58.0968 3592 JGOGO - ok

11:24:59.0000 3592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:24:59.0000 3592 Kbdclass - ok

11:24:59.0015 3592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:24:59.0015 3592 kmixer - ok

11:24:59.0046 3592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

11:24:59.0046 3592 KSecDD - ok

11:24:59.0062 3592 l8042pr2 - ok

11:24:59.0093 3592 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

11:24:59.0125 3592 lanmanserver - ok

11:24:59.0156 3592 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

11:24:59.0156 3592 lanmanworkstation - ok

11:24:59.0171 3592 lbrtfdc - ok

11:24:59.0171 3592 lhidusb - ok

11:24:59.0187 3592 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

11:24:59.0187 3592 LmHosts - ok

11:24:59.0203 3592 lmimaint - ok

11:24:59.0203 3592 LMouKE - ok

11:24:59.0265 3592 LMS (d0e7ff91b52fe9fd2f9522b91f27cb09) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

11:24:59.0265 3592 LMS - ok

11:24:59.0281 3592 lockmgr - ok

11:24:59.0281 3592 ltck000c - ok

11:24:59.0296 3592 lvselsus - ok

11:24:59.0296 3592 lwwlicenseservice - ok

11:24:59.0328 3592 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

11:24:59.0406 3592 MBAMProtector - ok

11:24:59.0453 3592 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

11:24:59.0453 3592 MBAMService - ok

11:24:59.0515 3592 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

11:24:59.0515 3592 McMPFSvc - ok

11:24:59.0531 3592 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:24:59.0531 3592 mcmscsvc - ok

11:24:59.0531 3592 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:24:59.0531 3592 McNaiAnn - ok

11:24:59.0546 3592 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:24:59.0546 3592 McNASvc - ok

11:24:59.0578 3592 McODS (1d97a89e4c1917d7c7ac3a27a45ef87e) C:\Program Files\McAfee\VirusScan\mcods.exe

11:24:59.0625 3592 McODS - ok

11:24:59.0640 3592 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:24:59.0640 3592 McProxy - ok

11:24:59.0671 3592 McShield (16767b4cb7ae8f388e091717db34ff6c) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

11:24:59.0671 3592 McShield - ok

11:24:59.0765 3592 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

11:24:59.0765 3592 Messenger - ok

11:24:59.0781 3592 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys

11:24:59.0828 3592 mfeapfk - ok

11:24:59.0890 3592 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys

11:24:59.0921 3592 mfeavfk - ok

11:24:59.0937 3592 mfeavfk01 - ok

11:24:59.0968 3592 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys

11:25:00.0000 3592 mfebopk - ok

11:25:00.0046 3592 mfefire (3f17534b8867854113df2b45fff3acf5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

11:25:00.0046 3592 mfefire - ok

11:25:00.0078 3592 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys

11:25:00.0125 3592 mfefirek - ok

11:25:00.0140 3592 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys

11:25:00.0234 3592 mfehidk - ok

11:25:00.0250 3592 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

11:25:00.0296 3592 mfendisk - ok

11:25:00.0296 3592 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

11:25:00.0296 3592 mfendiskmp - ok

11:25:00.0328 3592 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys

11:25:00.0359 3592 mferkdet - ok

11:25:00.0390 3592 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys

11:25:00.0437 3592 mfetdi2k - ok

11:25:00.0484 3592 mfevtp (ad52269897626d614b31e153f5c5d65c) C:\WINDOWS\system32\mfevtps.exe

11:25:00.0484 3592 mfevtp - ok

11:25:00.0484 3592 mhn - ok

11:25:00.0593 3592 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

11:25:00.0640 3592 Microsoft Office Groove Audit Service - ok

11:25:00.0671 3592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:25:00.0671 3592 mnmdd - ok

11:25:00.0703 3592 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe

11:25:00.0703 3592 mnmsrvc - ok

11:25:00.0718 3592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:25:00.0734 3592 Modem - ok

11:25:00.0765 3592 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

11:25:00.0828 3592 Monfilt - ok

11:25:00.0843 3592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:25:00.0859 3592 Mouclass - ok

11:25:00.0890 3592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

11:25:00.0906 3592 mouhid - ok

11:25:00.0921 3592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:25:00.0921 3592 MountMgr - ok

11:25:00.0921 3592 mraid35x - ok

11:25:00.0953 3592 MREMPR5 - ok

11:25:00.0968 3592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:25:00.0968 3592 MRxDAV - ok

11:25:01.0000 3592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:25:01.0078 3592 MRxSmb - ok

11:25:01.0078 3592 mscsptisrv - ok

11:25:01.0125 3592 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe

11:25:01.0125 3592 MSDTC - ok

11:25:01.0140 3592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:25:01.0140 3592 Msfs - ok

11:25:01.0140 3592 MSIServer - ok

11:25:01.0171 3592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:25:01.0171 3592 MSKSSRV - ok

11:25:01.0187 3592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:25:01.0187 3592 MSPCLOCK - ok

11:25:01.0203 3592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:25:01.0203 3592 MSPQM - ok

11:25:01.0234 3592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:25:01.0234 3592 mssmbios - ok

11:25:01.0250 3592 mssql$sony_mediamgr - ok

11:25:01.0250 3592 mssqlserver - ok

11:25:01.0281 3592 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

11:25:01.0296 3592 MTsensor - ok

11:25:01.0312 3592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

11:25:01.0343 3592 Mup - ok

11:25:01.0359 3592 mvwebserver - ok

11:25:01.0359 3592 mxserver - ok

11:25:01.0390 3592 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

11:25:01.0406 3592 napagent - ok

11:25:01.0437 3592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:25:01.0437 3592 NDIS - ok

11:25:01.0453 3592 Ndisipo - ok

11:25:01.0468 3592 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:25:01.0515 3592 NdisTapi - ok

11:25:01.0531 3592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:25:01.0546 3592 Ndisuio - ok

11:25:01.0546 3592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:25:01.0562 3592 NdisWan - ok

11:25:01.0609 3592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

11:25:01.0640 3592 NDProxy - ok

11:25:01.0656 3592 NeroMediaHomeService.4 - ok

11:25:01.0656 3592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:25:01.0671 3592 NetBIOS - ok

11:25:01.0687 3592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:25:01.0703 3592 NetBT - ok

11:25:01.0734 3592 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

11:25:01.0734 3592 NetDDE - ok

11:25:01.0734 3592 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

11:25:01.0734 3592 NetDDEdsdm - ok

11:25:01.0765 3592 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

11:25:01.0765 3592 Netlogon - ok

11:25:01.0781 3592 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

11:25:01.0796 3592 Netman - ok

11:25:01.0921 3592 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:25:01.0921 3592 NetTcpPortSharing - ok

11:25:01.0984 3592 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

11:25:01.0984 3592 Nla - ok

11:25:02.0000 3592 NMSAccessU - ok

11:25:02.0000 3592 NMSSvc - ok

11:25:02.0015 3592 nnsvc - ok

11:25:02.0046 3592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:25:02.0046 3592 Npfs - ok

11:25:02.0062 3592 NSSvcMgr - ok

11:25:02.0078 3592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:25:02.0078 3592 Ntfs - ok

11:25:02.0109 3592 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

11:25:02.0125 3592 NtLmSsp - ok

11:25:02.0140 3592 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

11:25:02.0140 3592 NtmsSvc - ok

11:25:02.0156 3592 NuidFltr - ok

11:25:02.0171 3592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:25:02.0171 3592 Null - ok

11:25:02.0390 3592 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

11:25:02.0468 3592 nv - ok

11:25:02.0500 3592 nvata - ok

11:25:02.0562 3592 NVHDA (1fda0adfd0dd666ecb1cbf8436f81805) C:\WINDOWS\system32\drivers\nvhda32.sys

11:25:02.0593 3592 NVHDA - ok

11:25:02.0609 3592 NVR0FLASHDev - ok

11:25:02.0640 3592 NVSvc (2e6ed9fe65a9b3ec606603ed0f33dd7d) C:\WINDOWS\system32\nvsvc32.exe

11:25:02.0640 3592 NVSvc - ok

11:25:02.0750 3592 nvUpdatusService (3c09cc7992a8adecd1fddfd5d8e69bae) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

11:25:02.0750 3592 nvUpdatusService - ok

11:25:02.0765 3592 NWHOST - ok

11:25:02.0796 3592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:25:02.0796 3592 NwlnkFlt - ok

11:25:02.0812 3592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:25:02.0812 3592 NwlnkFwd - ok

11:25:02.0906 3592 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

11:25:02.0968 3592 odserv - ok

11:25:02.0968 3592 ofcpfwsvc - ok

11:25:02.0968 3592 ohci1394 - ok

11:25:02.0984 3592 oraclemtsrecoveryservice - ok

11:25:03.0000 3592 oracleorahome90agent - ok

11:25:03.0000 3592 OracleOraHome92ClientCache - ok

11:25:03.0015 3592 oracleorahometnslistener - ok

11:25:03.0062 3592 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:25:03.0093 3592 ose - ok

11:25:03.0109 3592 owstimer - ok

11:25:03.0109 3592 parallel - ok

11:25:03.0156 3592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

11:25:03.0156 3592 Parport - ok

11:25:03.0156 3592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:25:03.0171 3592 PartMgr - ok

11:25:03.0187 3592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:25:03.0187 3592 ParVdm - ok

11:25:03.0203 3592 pcctlcom - ok

11:25:03.0218 3592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:25:03.0218 3592 PCI - ok

11:25:03.0234 3592 PCIDump - ok

11:25:03.0250 3592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:25:03.0250 3592 PCIIde - ok

11:25:03.0265 3592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:25:03.0265 3592 Pcmcia - ok

11:25:03.0312 3592 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys

11:25:03.0375 3592 PCTBD - ok

11:25:03.0437 3592 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys

11:25:03.0515 3592 PCTCore - ok

11:25:03.0562 3592 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\WINDOWS\system32\drivers\pctDS.sys

11:25:03.0609 3592 pctDS - ok

11:25:03.0640 3592 pctEFA (653d8079cc000ec454789740a07b84a8) C:\WINDOWS\system32\drivers\pctEFA.sys

11:25:03.0734 3592 pctEFA - ok

11:25:03.0796 3592 pctgntdi (cee55a1df92cb30f87280b6a04aadce8) C:\WINDOWS\system32\drivers\pctgntdi.sys

11:25:03.0859 3592 pctgntdi - ok

11:25:03.0890 3592 pctplsg (061b86fd64a61ad187efc788d6c408b0) C:\WINDOWS\system32\drivers\pctplsg.sys

11:25:03.0968 3592 pctplsg - ok

11:25:04.0093 3592 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\WINDOWS\system32\Drivers\PCTSD.sys

11:25:04.0171 3592 PCTSD - ok

11:25:04.0171 3592 PDCOMP - ok

11:25:04.0187 3592 PDFRAME - ok

11:25:04.0187 3592 pdlnecfg - ok

11:25:04.0203 3592 PDRELI - ok

11:25:04.0203 3592 PDRFRAME - ok

11:25:04.0218 3592 perc2 - ok

11:25:04.0218 3592 perc2hib - ok

11:25:04.0234 3592 pfmodnt - ok

11:25:04.0265 3592 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

11:25:04.0265 3592 PlugPlay - ok

11:25:04.0296 3592 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe

11:25:04.0312 3592 Pml Driver HPZ12 - ok

11:25:04.0328 3592 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

11:25:04.0328 3592 PolicyAgent - ok

11:25:04.0359 3592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:25:04.0359 3592 PptpMiniport - ok

11:25:04.0375 3592 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

11:25:04.0375 3592 Processor - ok

11:25:04.0375 3592 ProcObsrv - ok

11:25:04.0390 3592 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:25:04.0390 3592 ProtectedStorage - ok

11:25:04.0390 3592 psasrv - ok

11:25:04.0406 3592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:25:04.0406 3592 PSched - ok

11:25:04.0406 3592 PTDCBus - ok

11:25:04.0421 3592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:25:04.0421 3592 Ptilink - ok

11:25:04.0453 3592 purendis - ok

11:25:04.0468 3592 qfcoresvc - ok

11:25:04.0468 3592 ql1080 - ok

11:25:04.0484 3592 Ql10wnt - ok

11:25:04.0484 3592 ql12160 - ok

11:25:04.0484 3592 ql1240 - ok

11:25:04.0500 3592 ql1280 - ok

11:25:04.0500 3592 qserver - ok

11:25:04.0515 3592 racsvc - ok

11:25:04.0515 3592 rampartsvc - ok

11:25:04.0531 3592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:25:04.0531 3592 RasAcd - ok

11:25:04.0562 3592 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

11:25:04.0578 3592 RasAuto - ok

11:25:04.0593 3592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:25:04.0593 3592 Rasl2tp - ok

11:25:04.0625 3592 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

11:25:04.0625 3592 RasMan - ok

11:25:04.0640 3592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:25:04.0640 3592 RasPppoe - ok

11:25:04.0671 3592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:25:04.0671 3592 Raspti - ok

11:25:04.0703 3592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:25:04.0703 3592 Rdbss - ok

11:25:04.0718 3592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:25:04.0734 3592 RDPCDD - ok

11:25:04.0750 3592 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

11:25:04.0750 3592 rdpdr - ok

11:25:04.0812 3592 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

11:25:04.0890 3592 RDPWD - ok

11:25:04.0937 3592 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

11:25:04.0937 3592 RDSessMgr - ok

11:25:04.0968 3592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:25:04.0968 3592 redbook - ok

11:25:05.0031 3592 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

11:25:05.0031 3592 RemoteAccess - ok

11:25:05.0046 3592 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

11:25:05.0062 3592 RemoteRegistry - ok

11:25:05.0062 3592 ROOTUSB - ok

11:25:05.0062 3592 roxliveshare9 - ok

11:25:05.0093 3592 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe

11:25:05.0093 3592 RpcLocator - ok

11:25:05.0140 3592 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

11:25:05.0140 3592 RpcSs - ok

11:25:05.0140 3592 RSAFAL - ok

11:25:05.0171 3592 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe

11:25:05.0187 3592 RSVP - ok

11:25:05.0187 3592 rt73 - ok

11:25:05.0187 3592 RTL8169 - ok

11:25:05.0250 3592 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

11:25:05.0281 3592 RTLE8023xp - ok

11:25:05.0296 3592 RTSTOR - ok

11:25:05.0328 3592 rxmssync - ok

11:25:05.0328 3592 s116bus - ok

11:25:05.0328 3592 s116obex - ok

11:25:05.0343 3592 s116unic - ok

11:25:05.0343 3592 s125mdm - ok

11:25:05.0359 3592 S3GIGP - ok

11:25:05.0359 3592 s616obex - ok

11:25:05.0406 3592 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:25:05.0406 3592 SamSs - ok

11:25:05.0406 3592 sansaservice - ok

11:25:05.0421 3592 sbhooksvc - ok

11:25:05.0453 3592 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

11:25:05.0453 3592 SCardSvr - ok

11:25:05.0500 3592 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

11:25:05.0515 3592 Schedule - ok

11:25:05.0546 3592 SCR3XX2K (b590c6b740a85130e88d35d007691eb4) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys

11:25:05.0609 3592 SCR3XX2K - ok

11:25:05.0718 3592 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools Security\pctsAuxs.exe

11:25:05.0718 3592 sdAuxService - ok

11:25:05.0718 3592 sdbus - ok

11:25:05.0734 3592 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools Security\pctsSvc.exe

11:25:05.0734 3592 sdCoreService - ok

11:25:05.0750 3592 SE27bus - ok

11:25:05.0750 3592 SE2Cmgmt - ok

11:25:05.0765 3592 se58mdm - ok

11:25:05.0796 3592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:25:05.0796 3592 Secdrv - ok

11:25:05.0812 3592 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

11:25:05.0812 3592 seclogon - ok

11:25:05.0812 3592 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

11:25:05.0828 3592 SENS - ok

11:25:05.0843 3592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:25:05.0843 3592 serenum - ok

11:25:05.0859 3592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:25:05.0859 3592 Serial - ok

11:25:05.0890 3592 SetupNT - ok

11:25:05.0921 3592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:25:05.0921 3592 Sfloppy - ok

11:25:05.0921 3592 sglfb - ok

11:25:05.0968 3592 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

11:25:05.0984 3592 SharedAccess - ok

11:25:05.0984 3592 shdserv - ok

11:25:06.0031 3592 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

11:25:06.0031 3592 ShellHWDetection - ok

11:25:06.0046 3592 Simbad - ok

11:25:06.0046 3592 siside - ok

11:25:06.0046 3592 smrt - ok

11:25:06.0062 3592 softfax - ok

11:25:06.0062 3592 Sparrow - ok

11:25:06.0078 3592 spbbcsvc - ok

11:25:06.0078 3592 speedfan - ok

11:25:06.0125 3592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:25:06.0125 3592 splitter - ok

11:25:06.0171 3592 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

11:25:06.0203 3592 Spooler - ok

11:25:06.0218 3592 SprintRcAppSvc - ok

11:25:06.0218 3592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:25:06.0234 3592 sr - ok

11:25:06.0250 3592 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll

11:25:06.0250 3592 srservice - ok

11:25:06.0296 3592 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:25:06.0343 3592 Srv - ok

11:25:06.0343 3592 SrvcEKIOMngr - ok

11:25:06.0359 3592 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

11:25:06.0359 3592 SSDPSRV - ok

11:25:06.0390 3592 ssoftservice - ok

11:25:06.0406 3592 sstpsvc - ok

11:25:06.0468 3592 Steam Client Service - ok

11:25:06.0484 3592 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

11:25:06.0484 3592 stisvc - ok

11:25:06.0484 3592 stylexphelper - ok

11:25:06.0515 3592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:25:06.0515 3592 swenum - ok

11:25:06.0578 3592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:25:06.0578 3592 swmidi - ok

11:25:06.0578 3592 SWMX00 - ok

11:25:06.0593 3592 SwPrv - ok

11:25:06.0593 3592 SWUMX20 - ok

11:25:06.0609 3592 symc810 - ok

11:25:06.0609 3592 symc8xx - ok

11:25:06.0625 3592 symsecureport - ok

11:25:06.0625 3592 sym_hi - ok

11:25:06.0640 3592 sym_u3 - ok

11:25:06.0671 3592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:25:06.0671 3592 sysaudio - ok

11:25:06.0718 3592 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

11:25:06.0718 3592 SysmonLog - ok

11:25:06.0765 3592 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

11:25:06.0765 3592 TapiSrv - ok

11:25:09.0453 3592 ============================================================

11:25:09.0453 3592 Scan finished

11:25:09.0453 3592 ============================================================

11:25:09.0468 5628 Detected object count: 1

11:25:09.0468 5628 Actual detected object count: 1

11:25:34.0312 5628 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine

11:25:40.0875 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\@ - copied to quarantine

11:25:40.0906 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\bckfg.tmp - copied to quarantine

11:25:40.0968 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\cfg.ini - copied to quarantine

11:25:40.0968 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\Desktop.ini - copied to quarantine

11:25:41.0046 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\keywords - copied to quarantine

11:25:41.0046 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\kwrd.dll - copied to quarantine

11:25:41.0125 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\L\regyfamx - copied to quarantine

11:25:41.0156 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\lsflt7.ver - copied to quarantine

11:25:41.0156 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\oemid - copied to quarantine

11:25:41.0171 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000001.@ - copied to quarantine

11:25:41.0218 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000002.@ - copied to quarantine

11:25:41.0250 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000004.@ - copied to quarantine

11:25:41.0296 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000000.@ - copied to quarantine

11:25:41.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000004.@ - copied to quarantine

11:25:41.0453 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000032.@ - copied to quarantine

11:25:41.0546 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\version - copied to quarantine

11:25:42.0062 5628 Backup copy found, using it..

11:25:42.0078 5628 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot

11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\2220560526 - will be deleted on reboot

11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\@ - will be deleted on reboot

11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\bckfg.tmp - will be deleted on reboot

11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\cfg.ini - will be deleted on reboot

11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\Desktop.ini - will be deleted on reboot

11:25:43.0796 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\keywords - will be deleted on reboot

11:25:44.0062 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\kwrd.dll - will be deleted on reboot

11:25:44.0312 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\lsflt7.ver - will be deleted on reboot

11:25:44.0312 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\oemid - will be deleted on reboot

11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000001.@ - will be deleted on reboot

11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000002.@ - will be deleted on reboot

11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000004.@ - will be deleted on reboot

11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000000.@ - will be deleted on reboot

11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000004.@ - will be deleted on reboot

11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000032.@ - will be deleted on reboot

11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\version - will be deleted on reboot

11:25:44.0390 5628 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Cure

11:26:02.0046 4196 Deinitialize success

Here is the log from ComboFix:

ComboFix 12-04-09.04 - John & Wendy 04/09/2012 11:46:37.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3575.2535 [GMT -4:00]

Running from: c:\documents and settings\John & Wendy\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\s125mdm.dll

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MREMPR5

-------\Legacy_SERVICE

-------\Legacy_TNIDRIVER

-------\Service_MREMPR5

-------\Service_service

-------\Service_tnidriver

.

.

((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))

.

.

2012-04-09 15:25 . 2012-04-09 15:25 98992 ----a-w- c:\windows\system32\drivers\67092840.sys

2012-04-09 15:25 . 2012-04-09 15:25 75264 ----a-w- c:\windows\system32\drivers\tsk3C.tmp

2012-04-09 15:25 . 2012-04-09 15:25 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-06 17:23 . 2012-04-09 16:07 -------- d-----w- c:\documents and settings\John & Wendy\Local Settings\Application Data\LogMeIn Hamachi

2012-04-06 17:15 . 2012-04-06 17:15 -------- d-----w- c:\documents and settings\Zach\Application Data\PureEdge

2012-04-06 02:28 . 2012-04-06 13:33 -------- d-----w- c:\documents and settings\Zach\Local Settings\Application Data\LogMeIn Hamachi

2012-04-06 02:28 . 2012-04-09 16:07 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\LogMeIn Hamachi

2012-04-06 02:27 . 2012-04-06 02:27 -------- d-----w- c:\program files\LogMeIn Hamachi

2012-04-05 02:56 . 2012-04-05 02:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-05 02:26 . 2012-04-05 02:26 -------- d-----w- c:\documents and settings\John & Wendy\Local Settings\Application Data\PCHealth

2012-04-05 01:55 . 2012-04-05 01:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2012-04-05 00:29 . 2012-04-05 00:29 -------- d-----w- c:\documents and settings\Zach\Application Data\NVIDIA

2012-04-04 23:50 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-04-04 23:50 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-04 21:51 . 2012-04-04 21:51 -------- d-----w- C:\6802ba65daf0b3e792

2012-04-04 21:39 . 2012-04-04 21:39 -------- d-----w- c:\program files\Ask.com

2012-04-04 21:39 . 2012-04-04 21:39 -------- d-----w- C:\Firefox

2012-04-04 21:34 . 2012-04-04 21:34 -------- d-----w- c:\documents and settings\Zach\Local Settings\Application Data\Google

2012-04-04 21:34 . 2012-04-04 21:34 -------- d-----w- c:\program files\Common Files\Java

2012-04-04 21:33 . 2012-04-04 21:33 -------- d--h--w- c:\documents and settings\Zach\InstallAnywhere

2012-04-04 21:29 . 2012-04-04 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask

2012-04-04 21:01 . 2012-04-04 21:28 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-04-04 20:50 . 2012-04-04 20:51 -------- d-----w- c:\program files\Minecraft

2012-04-02 22:00 . 2012-02-24 13:16 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2012-04-02 22:00 . 2012-02-24 13:16 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2012-04-02 22:00 . 2012-02-24 13:16 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2012-03-31 19:04 . 2012-03-31 19:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2012-03-31 19:03 . 2012-03-31 19:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2012-03-31 19:03 . 2012-03-31 19:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2012-03-31 18:59 . 2012-03-31 19:00 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\Temp

2012-03-31 18:59 . 2012-03-31 19:00 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\Google

2012-03-31 18:59 . 2012-03-31 19:00 -------- d-----w- c:\program files\Google

2012-03-31 18:56 . 2011-09-28 17:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-03-31 18:55 . 2012-02-24 14:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-03-31 18:55 . 2012-02-24 14:35 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2012-03-31 18:52 . 2012-03-31 18:52 -------- d-----w- c:\documents and settings\UpdatusUser\Application Data\TestApp

2012-03-31 18:49 . 2012-03-31 18:49 -------- d-sh--w- c:\documents and settings\UpdatusUser\PrivacIE

2012-03-31 18:48 . 2012-03-31 18:48 -------- d-sh--w- c:\documents and settings\UpdatusUser\IECompatCache

2012-03-31 18:48 . 2012-03-31 18:48 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\Threat Expert

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 02:56 . 2011-05-17 22:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 21:28 . 2011-03-27 17:46 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-17 20:55 . 2012-03-31 18:41 3277632 ----a-w- c:\windows\system32\drivers\TfKbMon.sys.old

2012-02-24 14:37 . 2011-12-12 00:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-02-24 14:31 . 2011-12-12 00:43 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-02-17 19:08 . 2011-12-12 03:10 149456 ----a-w- c:\windows\SGDetectionTool.dll

2012-02-17 19:08 . 2011-12-12 03:10 2250704 ----a-w- c:\windows\PCTBDCore.dll

2012-02-17 19:08 . 2011-12-12 03:10 1681360 ----a-w- c:\windows\PCTBDRes.dll

2012-02-17 19:08 . 2011-12-12 03:10 767952 ----a-w- c:\windows\BDTSupport.dll

2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ApproveItForOfficeSetup"="c:\program files\APPROVEIT" [X]

"RTHDCPL"="RTHDCPL.EXE" [2010-01-29 18790432]

"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]

"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-12-29 887936]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-12 174616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-12 145432]

"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]

"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]

"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]

"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2012-02-24 2659768]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Tyler\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\Zach\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ApproveIt StartUp.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk

backup=c:\windows\pss\ApproveIt StartUp.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]

2009-12-28 22:49 121472 ----a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-01-02 20:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-04-12 05:57 141848 ----a-r- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-06-12 16:08 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2002-04-17 15:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-12-24 22:31 1242448 ----a-w- c:\program files\Steam\steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/11/2011 8:43 PM 331880]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [12/11/2011 8:43 PM 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [12/11/2011 8:43 PM 909728]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [4/2/2012 6:00 PM 54328]

R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [4/2/2012 6:00 PM 574424]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [1/6/2011 11:15 PM 11448]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/15/2011 5:48 PM 89792]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/11/2011 8:43 PM 253352]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [3/31/2012 2:55 PM 185560]

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 5:16 PM 207400]

R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [1/6/2011 11:15 PM 96896]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [12/11/2011 11:10 PM 550864]

R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [10/16/2009 11:42 AM 319488]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2/28/2012 5:38 PM 1373576]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/11/2011 9:28 PM 652360]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/15/2011 5:48 PM 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/15/2011 5:48 PM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/15/2011 5:48 PM 160608]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/15/2011 5:48 PM 150856]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/20/2011 10:13 AM 2255464]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12/11/2011 8:42 PM 402336]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 5:24 PM 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/15/2011 5:48 PM 57600]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/11/2011 9:28 PM 20464]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/15/2011 5:48 PM 338176]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/15/2011 5:48 PM 83856]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/20/2011 9:55 AM 119528]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [3/31/2012 2:56 PM 56840]

R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/11/2011 8:42 PM 70536]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/31/2012 2:59 PM 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 10:56 PM 253600]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/6/2011 8:27 PM 1691480]

S3 cxbu0wdm;SmartTerminal XX44;c:\windows\system32\drivers\cxbu0wdm.sys [12/20/2011 10:49 AM 114304]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [1/6/2011 9:32 PM 235520]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/15/2011 5:48 PM 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/15/2011 5:48 PM 87656]

S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/7/2010 12:19 AM 57856]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [4/2/2012 6:00 PM 35264]

S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/9/2011 4:49 PM 11520]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - DATUNIDR

*Deregistered* - mfeavfk01

*Deregistered* - PCTSDInjDriver32

.

NETSVCS REQUIRES REPAIRS - current entries shown

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:56]

.

2012-04-09 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2011-01-09 04:55]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = 127.0.0.1

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

LSP: mswsock.dll

Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\Microsoft\SMIME Client (2010)\mimectl.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-PCTools FGuard - c:\program files\PC Tools Security\BDT\FGuard.exe

SafeBoot-51262312.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-09 12:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-789336058-2077806209-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:59,46,75,ac,71,11,35,86,6c,80,40,84,24,75,9f,dd,74,27,68,bb,47,

58,6a,67,a7,28,46,55,5b,3c,86,32,68,5a,ef,ee,a0,54,7f,b9,2f,a7,80,61,19,d8,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1352)

c:\program files\ActivIdentity\ActivClient\ackpbsc.dll

c:\program files\ActivIdentity\ActivClient\aclog.dll

c:\program files\ActivIdentity\ActivClient\accrypto.dll

c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll

c:\program files\ActivIdentity\ActivClient\acevtsub.dll

c:\program files\ActivIdentity\ActivClient\asphat32.dll

c:\program files\ActivIdentity\ActivClient\acerrmes.dll

c:\program files\ActivIdentity\ActivClient\aiwinext.dll

c:\program files\ActivIdentity\ActivClient\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\program files\ActivIdentity\ActivClient\aipingui.dll

c:\program files\ActivIdentity\ActivClient\aicext.dll

c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll

.

- - - - - - - > 'lsass.exe'(1408)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

c:\windows\system32\mswsock.dll

mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(5996)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\hnetcfg.dll

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

c:\windows\system32\mswsock.dll

mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\system32\nvsvc32.exe

c:\program files\PC Tools Security\pctsSvc.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\RTHDCPL.EXE

c:\\.\globalroot\SystemRoot\system32\svchost.exe

c:\windows\system32\RunDLL32.exe

c:\windows\system32\HPZipm12.exe

c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe

.

**************************************************************************

.

Completion time: 2012-04-09 12:12:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-09 16:12

.

Pre-Run: 467,767,496,704 bytes free

Post-Run: 469,573,996,544 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 19B1E6E2540BF43F21ACE54674B5C85A

Thank you so much for helping! I do appreciate it very much!

Well done. Some things need our attention.

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom Scans/Fixes box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

OTL Log:

OTL logfile created on: 4/9/2012 10:28:57 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\John & Wendy\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 63.52% Memory free

5.33 Gb Paging File | 4.03 Gb Available in Paging File | 75.64% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 437.36 Gb Free Space | 93.90% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-1 | User Name: John & Wendy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe

PRC - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2012/02/24 10:36:06 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe

PRC - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe

PRC - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe

PRC - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe

PRC - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

PRC - [2011/09/30 09:11:18 | 000,794,824 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe

PRC - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2010/03/25 12:02:16 | 000,611,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe

PRC - [2010/01/21 17:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

PRC - [2010/01/21 17:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

PRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

PRC - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

PRC - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe

PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

PRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

PRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe

PRC - [2009/06/03 17:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

PRC - [2009/06/03 17:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/07/08 00:55:02 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe

PRC - [2005/07/08 00:55:00 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

PRC - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2003/12/05 16:41:44 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/04 22:49:18 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll

MOD - [2012/04/04 22:48:36 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll

MOD - [2012/04/04 22:37:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll

MOD - [2012/04/04 22:36:52 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll

MOD - [2012/04/04 22:36:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll

MOD - [2012/04/04 22:36:42 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll

MOD - [2012/04/04 22:36:31 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll

MOD - [2012/04/04 22:36:24 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll

MOD - [2012/04/04 22:35:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll

MOD - [2012/04/04 22:35:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll

MOD - [2012/04/04 22:35:28 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll

MOD - [2012/04/04 22:34:47 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2012/02/24 10:36:02 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll

MOD - [2012/02/24 10:35:44 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll

MOD - [2012/02/17 15:08:16 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools Security\BDT\BSPatch.dll

MOD - [2011/10/16 15:49:04 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2009/09/29 23:33:08 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll

MOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll

MOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll

MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll

MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVENET.dll -- (ziptoa)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spmd.dll -- (zebrceb)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\navapel.dll -- (z525obex)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btdriver.dll -- (Wtcls2k)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (WscNetDr)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeantispyware.dll -- (wpsdrvnt)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCDCODEC.dll -- (WINIO)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVTCP.dll -- (windrvNT)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfnds.dll -- (win32sl)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scarddrv.dll -- (WIBUKEY)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125mgmt.dll -- (websenseuserservice)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservaz.dll -- (websensepolicyserver)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SunkFilt.dll -- (w800bus)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxupnprenderer.dll -- (W700mdfl)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wkscfgsrv.dll -- (w39n51)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EpmShd.dll -- (vpctcom)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\basic2.dll -- (vpcbus)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dktknsrv.dll -- (vncmirror)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w3svc.dll -- (vmnetdhcp)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNCPKT.dll -- (VirtualFD)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (viaudio)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntiopnp.dll -- (vetfddnt)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caccprovsp.dll -- (VAIOMediaPlatform-PhotoServer-HTTP)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hsvcmod.dll -- (v2imount)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hclinetd.dll -- (usnsvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550bus.dll -- (USBDeviceService)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TPwSav.dll -- (us30service)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vxd.dll -- (upperdev)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvport.dll -- (U81xbus)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNIPROT5.dll -- (U2SP)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmbatt.dll -- (tunnelguardservice)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\L8042Kbd.dll -- (tosrfec)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\modem.dll -- (tfsndrct)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VRADFIL.dll -- (TestHandler)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217unic.dll -- (symsecureport)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isdrv120.dll -- (SWUMX20)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (SWMX00) BLKWGU(Belkin)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vstor2.dll -- (stylexphelper)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\portio.dll -- (sstpsvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\egathdrv.dll -- (ssoftservice)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcomlaunch.dll -- (SrvcEKIOMngr)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cercsr6.dll -- (SprintRcAppSvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btkrnl.dll -- (speedfan)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emitray.dll -- (spbbcsvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\senfilt.dll -- (softfax)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iolodmv.dll -- (smrt)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siswlsvc.dll -- (siside)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_tdi_f.dll -- (shdserv)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Invoker.dll -- (sglfb)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aksfridge.dll -- (SetupNT)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GoogleDesktopManager-010708-104812.dll -- (se58mdm)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecnamingservice.dll -- (SE2Cmgmt)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCM43XV.dll -- (SE27bus)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctdvda2k.dll -- (sdbus)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aolservice.dll -- (sbhooksvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p17.dll -- (sansaservice)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bmdfl.dll -- (s616obex)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\addfiltr.dll -- (S3GIGP)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iviregmgr.dll -- (s125mdm)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lcs.dll -- (s116unic)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pserve.dll -- (s116obex)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prfldsvc.dll -- (s116bus)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WGX.dll -- (rxmssync)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\termservice.dll -- (RTSTOR)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxwatch9.dll -- (RTL8169)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (rt73)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\maya70docserver.dll -- (RSAFAL)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (roxliveshare9)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\anio.dll -- (ROOTUSB)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAM1210.dll -- (rampartsvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JavaQuickStarterService.dll -- (racsvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (qserver)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raidmsvr.dll -- (qfcoresvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndproxy.dll -- (purendis)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthusb.dll -- (PTDCBus)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxbt_device.dll -- (psasrv)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rsvchost.dll -- (ProcObsrv)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HPFECP20.dll -- (pfmodnt)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WaveFDE.dll -- (pdlnecfg)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\soma.dll -- (pcctlcom)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mail2ec.dll -- (parallel)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acmservice.dll -- (owstimer)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdengine.dll -- (oracleorahometnslistener)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fallback.dll -- (OracleOraHome92ClientCache)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdfl.dll -- (oracleorahome90agent)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonytvc.dll -- (oraclemtsrecoveryservice)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w29n51.dll -- (ohci1394)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcSSIOMngr.dll -- (ofcpfwsvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (NWHOST)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\shdserv.dll -- (NVR0FLASHDev)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\crcdisk.dll -- (nvata)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll -- (NuidFltr)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stcagent.dll -- (NSSvcMgr)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USIUDF.dll -- (nnsvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp0.dll -- (NMSSvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdm.dll -- (NMSAccessU)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcdonner.dll -- (NeroMediaHomeService.4)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hcwPVRP2.dll -- (Ndisipo)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58bus.dll -- (mxserver)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecpmcommunicationagent.dll -- (mvwebserver)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igniteservice.exe.dll -- (mssqlserver)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pktfilter.dll -- (mssql$sony_mediamgr)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s116unic.dll -- (mscsptisrv)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DSXUSB.dll -- (mhn)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sandradatasrv.dll -- (lwwlicenseservice)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iwebcal.dll -- (lvselsus)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EUSBMSD.dll -- (ltck000c)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTHDMIAzAudService.dll -- (lockmgr)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dtscsi.dll -- (LMouKE)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\i81x.dll -- (lmimaint)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MKEMUSB.dll -- (lhidusb)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassPeriodicUpdateService.dll -- (l8042pr2)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndiscm.dll -- (JGOGO)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCASp50.dll -- (issuser)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\quickhealfirewall.dll -- (irmon)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (IPSECSHM)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spcsutilityservice.dll -- (iksysflt)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\knobserv.dll -- (ikfileflt)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\advservice.dll -- (iftpsvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cachemgr.dll -- (idechndr)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ptilink.dll -- (ICM10USB)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se27unic.dll -- (icm10blk)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ma_cmidi_installerservice.dll -- (ibmpmdrv)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USR1806V.dll -- (iaimfp2)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mmc_2K.dll -- (iaimfp1)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\yukonwxp.dll -- (iaantmon)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavsrv.dll -- (HPFECP20)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7alrt.dll -- (hpdskflt)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (HFACSVC)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (fshttps)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pccsmcfd.dll -- (Freedom)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfman.dll -- (filechecker)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032U.dll -- (fgdxbus)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atfsd.dll -- (fasttrackinstallerservice)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RIOUNIV.dll -- (EU3_USB)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\incdfs.dll -- (ET5Drv)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WMIService.dll -- (elotouchscreen)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cm102u32.dll -- (eloggersvc6)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\radclock.dll -- (ELmou)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvserver.dll -- (egathdrv)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_flpy.dll -- (edspport)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RivaTuner32.dll -- (dwmrcs)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emclisrv.dll -- (dnserver32)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvupdtio.dll -- (DMUSBUSBDCam)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Alpham1.dll -- (dlaudfam)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\apfiltrservice.dll -- (diskeeper)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\orbmediaservice.dll -- (dirms_defragmentation)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\superproserver.dll -- (defwatch)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\int15.sys.dll -- (dcstor32)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvraid.dll -- (dcpflics)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pctspk.dll -- (DCamUSBSQTECH)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\napagent.dll -- (DCamUSBMke2)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WavxDMgr.dll -- (DCamUSBGrandTek)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ghostsec.dll -- (cwafadmincontroller)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bt3cusb.dll -- (cvslock)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleformsserver-forms60server-oraform.dll -- (CTSBLFX.DLL)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotdriver.dll -- (ctljystk)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLAgent$LG_LP2.dll -- (crauto)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sbpci.dll -- (cqmghost)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcdbus.dll -- (cpucoolserver)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TNaviSrv.dll -- (cpqdmi)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tangoservice.dll -- (cpqdfw)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psasrv.dll -- (cpqarry2)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpf4.dll -- (comhost)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ser2plms.dll -- (CnxTrUsb)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswlsvc.dll -- (ccflic0)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (Cam5603D)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCMTPM.dll -- (Cam5603C)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (cachemgr)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fix.dll -- (BUFADPT)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LVCap138.dll -- (btnetfilter)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcmsvc.dll -- (besclient)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\A88xXBar.dll -- (bdfdll)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enum1394.dll -- (awecho)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsmapip.dll -- (AVRec)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CiscoVpnInstallService.dll -- (autostore)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KS0108.dll -- (ATKFUSService)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pchost.dll -- (atitool)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmmbd.dll -- (ati)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASMMAP.dll -- (AR5416)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfng32.dll -- (Angel2)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmuda.dll -- (amusbprt)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W55U01.dll -- (AlteraByteBlaster)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxdmCATSCustConnectService.dll -- (ALABULK)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvspydr2.dll -- (aksusb)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcj_device.dll -- (Afc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip.dll -- (adpu320)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp2.dll -- (acrsch2svc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndistapi.dll -- ({6080a529-897e-4629-a488-aba0c29b635e})

SRV - [2012/04/04 22:56:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)

SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)

SRV - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)

SRV - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)

SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/02/24 10:37:08 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)

DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)

DRV - [2012/02/24 10:31:08 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)

DRV - [2012/02/24 09:16:10 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)

DRV - [2012/02/24 09:16:10 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)

DRV - [2012/02/24 09:16:10 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)

DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)

DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2011/10/15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2011/10/15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2011/10/15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2011/10/15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2011/10/15 14:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)

DRV - [2011/10/15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)

DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)

DRV - [2011/10/15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2011/10/15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)

DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)

DRV - [2011/05/10 05:41:30 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2010/01/29 02:31:44 | 005,884,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2010/01/18 17:50:10 | 000,235,520 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV - [2010/01/07 00:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)

DRV - [2009/11/17 19:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/17 19:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2009/08/03 22:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2009/07/05 22:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)

DRV - [2009/06/24 09:16:20 | 000,114,304 | R--- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)

DRV - [2009/06/05 03:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {F3DD5844-48DB-43B0-9600-5B21935B5A5A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GAM2&o=41647940&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=7K&apn_dtid=YYYYYYS8US&apn_uid=8398628C-7E90-4A02-8A79-C61CFCBFAE10&apn_sauid=9C1501A5-5410-45D4-BC67-E05BD61C464A

IE - HKCU\..\SearchScopes\{F3DD5844-48DB-43B0-9600-5B21935B5A5A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/03/31 14:56:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/04/09 22:26:49 | 000,000,000 | ---D | M]

[2011/02/24 20:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John & Wendy\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2012/04/09 12:06:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111224173650.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)

O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)

O4 - HKLM..\Run: [ApproveItForOfficeSetup] " /1 /P "C:\PROGRAM FILES\APPROVEIT\" File not found

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()

O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294364092906 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1599609C-7DBD-4A97-830C-5413467F8C76}: DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)

O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/01/06 20:06:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - %systemroot%\system32\quickhealfirewall.dll File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: NMSAccessU - %systemroot%\system32\SE2Cmdm.dll File not found

NetSvcs: ibmsmbus - File not found

NetSvcs: filterservice - File not found

NetSvcs: btnetfilter - %systemroot%\system32\LVCap138.dll File not found

NetSvcs: ASNDIS5 - File not found

NetSvcs: pxfhbus - File not found

NetSvcs: O2SCBUS - File not found

NetSvcs: lhidusb - %systemroot%\system32\MKEMUSB.dll File not found

NetSvcs: fasttrackinstallerservice - %systemroot%\system32\atfsd.dll File not found

NetSvcs: nalntservice - File not found

NetSvcs: SE2Bmdfl - File not found

NetSvcs: pavdrv - File not found

NetSvcs: ghoststartservice - File not found

NetSvcs: freebsd - File not found

NetSvcs: DgiVecp - File not found

NetSvcs: license - File not found

NetSvcs: StkScan - File not found

NetSvcs: s3psddr - File not found

NetSvcs: lxcz_device - File not found

NetSvcs: V0080Dev - File not found

NetSvcs: iftpsvc - %systemroot%\system32\advservice.dll File not found

NetSvcs: oracleorahome90agent - %systemroot%\system32\SE2Cmdfl.dll File not found

NetSvcs: NeroMediaHomeService.4 - %systemroot%\system32\qcdonner.dll File not found

NetSvcs: OracleOraHome92ClientCache - %systemroot%\system32\fallback.dll File not found

NetSvcs: S3GIGP - %systemroot%\system32\addfiltr.dll File not found

NetSvcs: qserver - %systemroot%\system32\dlacdbhm.dll File not found

NetSvcs: websenseuserservice - %systemroot%\system32\s125mgmt.dll File not found

NetSvcs: transbaseservice - File not found

NetSvcs: AmdLLD - File not found

NetSvcs: whoisd32 - File not found

NetSvcs: FsVga - C:\WINDOWS\System32\drivers\fsvga.sys (Microsoft Corporation)

NetSvcs: nimcdlbk - File not found

NetSvcs: sfman - File not found

NetSvcs: rollbackclientservice - File not found

NetSvcs: MRESP50 - File not found

NetSvcs: RTHDMIAzAudService - File not found

NetSvcs: WDM_YAMAHAAC97 - File not found

NetSvcs: cq_mem - File not found

NetSvcs: milshieldcleaner - File not found

NetSvcs: mferkdk - File not found

NetSvcs: USBModem - File not found

NetSvcs: PID_08A0 - File not found

NetSvcs: LMouKE - %systemroot%\system32\dtscsi.dll File not found

NetSvcs: symappcore - File not found

NetSvcs: rchost - File not found

NetSvcs: traprcvr - File not found

NetSvcs: AeLookupSvc - File not found

NetSvcs: lxcccustomerconnect - File not found

NetSvcs: sfhlp01 - File not found

NetSvcs: ipodservice - File not found

NetSvcs: uphclean - File not found

NetSvcs: cxlpt - File not found

NetSvcs: zebrceb - %systemroot%\system32\spmd.dll File not found

NetSvcs: nnsvc - %systemroot%\system32\USIUDF.dll File not found

NetSvcs: atitool - %systemroot%\system32\pchost.dll File not found

NetSvcs: ET5Drv - %systemroot%\system32\incdfs.dll File not found

NetSvcs: defwatch - %systemroot%\system32\superproserver.dll File not found

NetSvcs: eloggersvc6 - %systemroot%\system32\cm102u32.dll File not found

NetSvcs: siside - %systemroot%\system32\siswlsvc.dll File not found

NetSvcs: tvichw32 - File not found

NetSvcs: symsecureport - %systemroot%\system32\s217unic.dll File not found

NetSvcs: PTDCBus - %systemroot%\system32\bthusb.dll File not found

NetSvcs: sdbus - %systemroot%\system32\ctdvda2k.dll File not found

NetSvcs: dcstor32 - %systemroot%\system32\int15.sys.dll File not found

NetSvcs: tfsndrct - %systemroot%\system32\modem.dll File not found

NetSvcs: upperdev - %systemroot%\system32\vxd.dll File not found

NetSvcs: smrt - %systemroot%\system32\iolodmv.dll File not found

NetSvcs: NuidFltr - %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll File not found

NetSvcs: CnxTrUsb - %systemroot%\system32\ser2plms.dll File not found

NetSvcs: se58mdm - %systemroot%\system32\GoogleDesktopManager-010708-104812.dll File not found

NetSvcs: dlaudfam - %systemroot%\system32\Alpham1.dll File not found

NetSvcs: Freedom - %systemroot%\system32\pccsmcfd.dll File not found

NetSvcs: cpqdmi - %systemroot%\system32\TNaviSrv.dll File not found

NetSvcs: SetupNT - %systemroot%\system32\aksfridge.dll File not found

NetSvcs: nvata - %systemroot%\system32\crcdisk.dll File not found

NetSvcs: mssql$sony_mediamgr - %systemroot%\system32\pktfilter.dll File not found

NetSvcs: elotouchscreen - %systemroot%\system32\WMIService.dll File not found

NetSvcs: Cam5603C - %systemroot%\system32\BCMTPM.dll File not found

NetSvcs: IPSECSHM - %systemroot%\system32\backupexecjobengine.dll File not found

NetSvcs: SprintRcAppSvc - %systemroot%\system32\cercsr6.dll File not found

NetSvcs: s116bus - %systemroot%\system32\prfldsvc.dll File not found

NetSvcs: EU3_USB - %systemroot%\system32\RIOUNIV.dll File not found

NetSvcs: DCamUSBMke2 - %systemroot%\system32\napagent.dll File not found

NetSvcs: vpcbus - %systemroot%\system32\basic2.dll File not found

NetSvcs: ikfileflt - %systemroot%\system32\knobserv.dll File not found

NetSvcs: ctljystk - %systemroot%\system32\symantecantibotdriver.dll File not found

NetSvcs: oraclemtsrecoveryservice - %systemroot%\system32\sonytvc.dll File not found

NetSvcs: roxliveshare9 - %systemroot%\system32\tvs.dll File not found

NetSvcs: dcpflics - %systemroot%\system32\nvraid.dll File not found

NetSvcs: vetfddnt - %systemroot%\system32\ntiopnp.dll File not found

NetSvcs: z525obex - %systemroot%\system32\navapel.dll File not found

NetSvcs: w39n51 - %systemroot%\system32\wkscfgsrv.dll File not found

NetSvcs: racsvc - %systemroot%\system32\JavaQuickStarterService.dll File not found

NetSvcs: ICM10USB - %systemroot%\system32\ptilink.dll File not found

NetSvcs: RTL8169 - %systemroot%\system32\roxwatch9.dll File not found

NetSvcs: RSAFAL - %systemroot%\system32\maya70docserver.dll File not found

NetSvcs: cqmghost - %systemroot%\system32\sbpci.dll File not found

NetSvcs: irmon - %systemroot%\system32\quickhealfirewall.dll File not found

NetSvcs: NMSSvc - %systemroot%\system32\iaimfp0.dll File not found

NetSvcs: ELmou - %systemroot%\system32\radclock.dll File not found

NetSvcs: Afc - %systemroot%\system32\lxcj_device.dll File not found

NetSvcs: ibmpmdrv - %systemroot%\system32\ma_cmidi_installerservice.dll File not found

NetSvcs: adpu320 - %systemroot%\system32\tcpip.dll File not found

NetSvcs: Ndisipo - %systemroot%\system32\hcwPVRP2.dll File not found

NetSvcs: us30service - %systemroot%\system32\TPwSav.dll File not found

NetSvcs: AR5416 - %systemroot%\system32\ASMMAP.dll File not found

NetSvcs: ssoftservice - %systemroot%\system32\egathdrv.dll File not found

NetSvcs: w800bus - %systemroot%\system32\SunkFilt.dll File not found

NetSvcs: v2imount - %systemroot%\system32\hsvcmod.dll File not found

NetSvcs: HPFECP20 - %systemroot%\system32\pavsrv.dll File not found

NetSvcs: mhn - %systemroot%\system32\DSXUSB.dll File not found

NetSvcs: {6080a529-897e-4629-a488-aba0c29b635e} - %systemroot%\system32\ndistapi.dll File not found

NetSvcs: W700mdfl - %systemroot%\system32\roxupnprenderer.dll File not found

NetSvcs: autostore - %systemroot%\system32\CiscoVpnInstallService.dll File not found

NetSvcs: s116unic - %systemroot%\system32\lcs.dll File not found

NetSvcs: l8042pr2 - %systemroot%\system32\iPassPeriodicUpdateService.dll File not found

NetSvcs: mscsptisrv - %systemroot%\system32\s116unic.dll File not found

NetSvcs: U81xbus - %systemroot%\system32\nvport.dll File not found

NetSvcs: lockmgr - %systemroot%\system32\RTHDMIAzAudService.dll File not found

NetSvcs: rampartsvc - %systemroot%\system32\CAM1210.dll File not found

NetSvcs: idechndr - %systemroot%\system32\cachemgr.dll File not found

NetSvcs: tunnelguardservice - %systemroot%\system32\cmbatt.dll File not found

NetSvcs: owstimer - %systemroot%\system32\acmservice.dll File not found

NetSvcs: DCamUSBSQTECH - %systemroot%\system32\Pctspk.dll File not found

NetSvcs: sbhooksvc - %systemroot%\system32\aolservice.dll File not found

NetSvcs: lwwlicenseservice - %systemroot%\system32\sandradatasrv.dll File not found

NetSvcs: aksusb - %systemroot%\system32\cvspydr2.dll File not found

NetSvcs: fgdxbus - %systemroot%\system32\MA8032U.dll File not found

NetSvcs: dwmrcs - %systemroot%\system32\RivaTuner32.dll File not found

NetSvcs: RTSTOR - %systemroot%\system32\termservice.dll File not found

NetSvcs: besclient - %systemroot%\system32\npkcmsvc.dll File not found

NetSvcs: awecho - %systemroot%\system32\enum1394.dll File not found

NetSvcs: ati - %systemroot%\system32\tmmbd.dll File not found

NetSvcs: lvselsus - %systemroot%\system32\iwebcal.dll File not found

NetSvcs: ROOTUSB - %systemroot%\system32\anio.dll File not found

NetSvcs: HFACSVC - %systemroot%\system32\kpfwsvc.dll File not found

NetSvcs: datunidr - File not found

NetSvcs: USBDeviceService - %systemroot%\system32\w550bus.dll File not found

NetSvcs: vpctcom - %systemroot%\system32\EpmShd.dll File not found

NetSvcs: adobeversioncue - File not found

NetSvcs: SE2Cmgmt - %systemroot%\system32\backupexecnamingservice.dll File not found

NetSvcs: ATKFUSService - %systemroot%\system32\KS0108.dll File not found

NetSvcs: SWMX00 - %systemroot%\system32\nmwcdc.dll File not found

NetSvcs: ProcObsrv - %systemroot%\system32\rsvchost.dll File not found

NetSvcs: Angel2 - %systemroot%\system32\sfng32.dll File not found

NetSvcs: pfmodnt - %systemroot%\system32\HPFECP20.dll File not found

NetSvcs: SrvcEKIOMngr - %systemroot%\system32\dcomlaunch.dll File not found

NetSvcs: ccflic0 - %systemroot%\system32\aswlsvc.dll File not found

NetSvcs: ALABULK - %systemroot%\system32\lxdmCATSCustConnectService.dll File not found

NetSvcs: oracleorahometnslistener - %systemroot%\system32\pdengine.dll File not found

NetSvcs: DCamUSBGrandTek - %systemroot%\system32\WavxDMgr.dll File not found

NetSvcs: cwafadmincontroller - %systemroot%\system32\ghostsec.dll File not found

NetSvcs: sglfb - %systemroot%\system32\Invoker.dll File not found

NetSvcs: CTSBLFX.DLL - %systemroot%\system32\oracleformsserver-forms60server-oraform.dll File not found

NetSvcs: cpqarry2 - %systemroot%\system32\psasrv.dll File not found

NetSvcs: s125mdm - %systemroot%\system32\iviregmgr.dll File not found

NetSvcs: bdfdll - %systemroot%\system32\A88xXBar.dll File not found

NetSvcs: WscNetDr - %systemroot%\system32\winpower.dll File not found

NetSvcs: hpdskflt - %systemroot%\system32\avg7alrt.dll File not found

NetSvcs: stylexphelper - %systemroot%\system32\vstor2.dll File not found

NetSvcs: ltck000c - %systemroot%\system32\EUSBMSD.dll File not found

NetSvcs: JGOGO - %systemroot%\system32\ndiscm.dll File not found

NetSvcs: cpucoolserver - %systemroot%\system32\mcdbus.dll File not found

NetSvcs: sstpsvc - %systemroot%\system32\portio.dll File not found

NetSvcs: websensepolicyserver - %systemroot%\system32\smservaz.dll File not found

NetSvcs: softfax - %systemroot%\system32\senfilt.dll File not found

NetSvcs: AVRec - %systemroot%\system32\tsmapip.dll File not found

NetSvcs: WIBUKEY - %systemroot%\system32\scarddrv.dll File not found

NetSvcs: U2SP - %systemroot%\system32\WNIPROT5.dll File not found

NetSvcs: viaudio - %systemroot%\system32\carboniteservice.dll File not found

NetSvcs: amusbprt - %systemroot%\system32\cmuda.dll File not found

NetSvcs: wpsdrvnt - %systemroot%\system32\mcafeeantispyware.dll File not found

NetSvcs: dnserver32 - %systemroot%\system32\emclisrv.dll File not found

NetSvcs: WINIO - %systemroot%\system32\PCDCODEC.dll File not found

NetSvcs: iaantmon - %systemroot%\system32\yukonwxp.dll File not found

NetSvcs: pcctlcom - %systemroot%\system32\soma.dll File not found

NetSvcs: DMUSBUSBDCam - %systemroot%\system32\lvupdtio.dll File not found

NetSvcs: AlteraByteBlaster - %systemroot%\system32\W55U01.dll File not found

NetSvcs: Cam5603D - %systemroot%\system32\MA8032M.dll File not found

NetSvcs: purendis - %systemroot%\system32\ndproxy.dll File not found

NetSvcs: ohci1394 - %systemroot%\system32\w29n51.dll File not found

NetSvcs: parallel - %systemroot%\system32\mail2ec.dll File not found

NetSvcs: ziptoa - %systemroot%\system32\NVENET.dll File not found

NetSvcs: U3sHlpDr - File not found

NetSvcs: usnsvc - %systemroot%\system32\hclinetd.dll File not found

NetSvcs: VirtualFD - %systemroot%\system32\WNCPKT.dll File not found

NetSvcs: dirms_defragmentation - %systemroot%\system32\orbmediaservice.dll File not found

NetSvcs: tosrfec - %systemroot%\system32\L8042Kbd.dll File not found

NetSvcs: s116obex - %systemroot%\system32\pserve.dll File not found

NetSvcs: rxmssync - %systemroot%\system32\WGX.dll File not found

NetSvcs: comhost - %systemroot%\system32\kpf4.dll File not found

NetSvcs: Wtcls2k - %systemroot%\system32\btdriver.dll File not found

NetSvcs: iaimfp1 - %systemroot%\system32\mmc_2K.dll File not found

NetSvcs: lmimaint - %systemroot%\system32\i81x.dll File not found

NetSvcs: spbbcsvc - %systemroot%\system32\emitray.dll File not found

NetSvcs: filechecker - %systemroot%\system32\sfman.dll File not found

NetSvcs: cvslock - %systemroot%\system32\bt3cusb.dll File not found

NetSvcs: egathdrv - %systemroot%\system32\mvserver.dll File not found

NetSvcs: issuser - %systemroot%\system32\PCASp50.dll File not found

NetSvcs: speedfan - %systemroot%\system32\btkrnl.dll File not found

NetSvcs: sansaservice - %systemroot%\system32\p17.dll File not found

NetSvcs: s616obex - %systemroot%\system32\SE2Bmdfl.dll File not found

NetSvcs: mvwebserver - %systemroot%\system32\websensecpmcommunicationagent.dll File not found

NetSvcs: diskeeper - %systemroot%\system32\apfiltrservice.dll File not found

NetSvcs: cpqdfw - %systemroot%\system32\tangoservice.dll File not found

NetSvcs: iaimfp2 - %systemroot%\system32\USR1806V.dll File not found

NetSvcs: SE27bus - %systemroot%\system32\BCM43XV.dll File not found

NetSvcs: mxserver - %systemroot%\system32\se58bus.dll File not found

NetSvcs: vmnetdhcp - %systemroot%\system32\w3svc.dll File not found

NetSvcs: TestHandler - %systemroot%\system32\VRADFIL.dll File not found

NetSvcs: edspport - %systemroot%\system32\ino_flpy.dll File not found

NetSvcs: NSSvcMgr - %systemroot%\system32\stcagent.dll File not found

NetSvcs: qfcoresvc - %systemroot%\system32\raidmsvr.dll File not found

NetSvcs: crauto - %systemroot%\system32\SQLAgent$LG_LP2.dll File not found

NetSvcs: mssqlserver - %systemroot%\system32\igniteservice.exe.dll File not found

NetSvcs: fshttps - %systemroot%\system32\symc8xx.dll File not found

NetSvcs: pdlnecfg - %systemroot%\system32\WaveFDE.dll File not found

NetSvcs: BUFADPT - %systemroot%\system32\fix.dll File not found

NetSvcs: cachemgr - %systemroot%\system32\trlokom_rmhsvc.dll File not found

NetSvcs: rt73 - %systemroot%\system32\WD_FireWire_HID.dll File not found

NetSvcs: sprtsvc_dellsupportcenter - File not found

NetSvcs: backupexecrpcservice - File not found

NetSvcs: pchost - File not found

NetSvcs: iolodmv - File not found

NetSvcs: NWHOST - %systemroot%\system32\zpjava.dll File not found

NetSvcs: shdserv - %systemroot%\system32\bc_tdi_f.dll File not found

NetSvcs: rupsd - File not found

NetSvcs: surveyor - File not found

NetSvcs: se2End5 - File not found

NetSvcs: ctaud2k - File not found

NetSvcs: w800mdfl - File not found

NetSvcs: cis1284 - File not found

NetSvcs: tvtpktfilter - File not found

NetSvcs: digisptiservice - File not found

NetSvcs: quickhealfirewall - File not found

NetSvcs: kraidsvc - File not found

NetSvcs: awhost32 - File not found

NetSvcs: backupexecalertserver - File not found

NetSvcs: XUIF - File not found

NetSvcs: amdppm - File not found

NetSvcs: AF15BDA - File not found

NetSvcs: win32sl - %systemroot%\system32\tosrfnds.dll File not found

NetSvcs: pavprsrv - File not found

NetSvcs: timounter - File not found

NetSvcs: de_serv - File not found

NetSvcs: oracle_load_balancer_60_client-forms6i - File not found

NetSvcs: rnadirmultiplexor - File not found

NetSvcs: psdistributionagent - File not found

NetSvcs: ql2100 - File not found

NetSvcs: iksysflt - %systemroot%\system32\spcsutilityservice.dll File not found

NetSvcs: vncmirror - %systemroot%\system32\dktknsrv.dll File not found

NetSvcs: VAIOMediaPlatform-PhotoServer-HTTP - %systemroot%\system32\caccprovsp.dll File not found

NetSvcs: SWUMX20 - %systemroot%\system32\isdrv120.dll File not found

NetSvcs: NVR0FLASHDev - %systemroot%\system32\shdserv.dll File not found

NetSvcs: acrsch2svc - %systemroot%\system32\iaimfp2.dll File not found

NetSvcs: wlmel51b - File not found

NetSvcs: windrvNT - %systemroot%\system32\NVTCP.dll File not found

NetSvcs: ofcpfwsvc - %systemroot%\system32\SrvcSSIOMngr.dll File not found

NetSvcs: winachsx - File not found

NetSvcs: Invoker - File not found

NetSvcs: arcltsrv - File not found

NetSvcs: AsDsm - File not found

NetSvcs: icm10blk - %systemroot%\system32\se27unic.dll File not found

NetSvcs: qbcfmonitorservice - File not found

NetSvcs: ha10kx2k - File not found

NetSvcs: wacommousefilter - File not found

NetSvcs: SQLAgent$ABBEYIIOFFLINE - File not found

NetSvcs: VHidMinidrv - File not found

NetSvcs: eeyeevnt - File not found

NetSvcs: navapel - File not found

NetSvcs: psasrv - %systemroot%\system32\lxbt_device.dll File not found

NetSvcs: SE26mdm - File not found

NetSvcs: appdrv - File not found

NetSvcs: MTDVC2 - File not found

NetSvcs: S7oppilx - File not found

NetSvcs: pdlndlpb - File not found

NetSvcs: W8335XP - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ApproveIt StartUp.lnk - - File not found

MsConfig - StartUpReg: ASUS Update Checker - hkey= - key= - C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe (ASUSTeK Computer Inc.)

MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)

MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/09 22:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

[2012/04/09 22:27:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe

[2012/04/09 11:44:46 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/04/09 11:42:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/04/09 11:42:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/04/09 11:42:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/04/09 11:42:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/04/09 11:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/04/09 11:41:41 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/09 11:37:59 | 004,453,897 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe

[2012/04/09 11:25:44 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys

[2012/04/09 11:25:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/04/08 12:27:43 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe

[2012/04/06 23:50:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.scr

[2012/04/06 23:19:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John & Wendy\Start Menu\Programs\Administrative Tools

[2012/04/06 23:18:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.com

[2012/04/06 13:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\LogMeIn Hamachi

[2012/04/06 13:10:06 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/04/06 12:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi

[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi

[2012/04/04 22:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\PCHealth

[2012/04/04 21:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth

[2012/04/04 17:51:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

[2012/04/04 17:51:22 | 000,000,000 | ---D | C] -- C:\6802ba65daf0b3e792

[2012/04/04 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2012/04/04 17:39:15 | 000,000,000 | ---D | C] -- C:\Firefox

[2012/04/04 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/04/04 17:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask

[2012/04/04 16:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Minecraft

[2012/04/02 18:00:42 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys

[2012/04/02 18:00:42 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys

[2012/04/02 18:00:42 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys

[2012/03/31 15:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp

[2012/03/31 15:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2012/03/31 15:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2012/03/31 15:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

[2012/03/31 14:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012/03/31 14:56:53 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys

[2012/03/31 14:55:51 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys

[2012/03/31 14:55:51 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys

[2012/03/31 14:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/09 22:34:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP

[2012/04/09 22:33:27 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx

[2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe

[2012/04/09 22:23:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/04/09 22:23:11 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd

[2012/04/09 22:23:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/09 12:10:57 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/04/09 12:10:57 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/04/09 12:06:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/04/09 12:05:54 | 000,753,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2012/04/09 11:44:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/04/09 11:38:04 | 004,453,897 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe

[2012/04/09 11:25:44 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys

[2012/04/09 11:22:48 | 002,052,384 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip

[2012/04/08 22:52:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/04/08 22:46:02 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job

[2012/04/08 12:27:43 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe

[2012/04/06 23:50:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.scr

[2012/04/06 23:18:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.com

[2012/04/06 21:46:24 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Microsoft Office Word 2007.lnk

[2012/04/06 14:00:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\2l8ovdbp.exe

[2012/04/06 13:56:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Defogger.exe

[2012/04/06 13:18:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2012/04/06 08:52:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/04/05 21:06:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2012/04/05 00:52:03 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/04/04 22:40:07 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/04/04 19:28:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2012/04/04 17:15:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/01 22:14:53 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk

[2012/03/31 14:55:51 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 22:23:11 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd

[2012/04/09 12:04:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP

[2012/04/09 11:44:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/04/09 11:44:49 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/04/09 11:42:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/04/09 11:42:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/04/09 11:42:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/04/09 11:42:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/04/09 11:42:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/04/09 11:22:47 | 002,052,384 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip

[2012/04/06 13:59:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\2l8ovdbp.exe

[2012/04/06 13:55:57 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\Defogger.exe

[2012/04/04 22:56:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012/04/04 19:28:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk

[2012/04/04 19:28:30 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2012/04/02 18:31:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/31 15:00:12 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2012/03/31 14:55:51 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk

[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0349.old

[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll

[2011/12/11 20:16:00 | 000,011,716 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\54e0w245m2huy6u70n6ac

[2011/12/10 21:02:54 | 000,013,192 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\238265v6n322a423v050j2plu8g0

[2011/08/20 10:13:21 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/08/20 09:53:15 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/08/20 09:53:13 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/08/20 09:53:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/08/11 12:57:45 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/05/11 17:52:26 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/01/09 16:32:24 | 000,000,281 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI

[2011/01/09 15:40:35 | 000,019,752 | ---- | C] () -- C:\WINDOWS\HPHins02.dat

[2011/01/09 15:40:35 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat

[2011/01/09 15:40:25 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe

[2011/01/09 15:40:17 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat

[2011/01/07 15:21:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe

[2011/01/06 23:30:53 | 000,870,560 | R--- | C] () -- C:\WINDOWS\System32\igkrng575.bin

[2011/01/06 23:30:53 | 000,127,868 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin

[2011/01/06 23:30:53 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

[2011/01/06 23:30:53 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config

[2011/01/06 23:15:34 | 000,011,448 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys

[2011/01/06 23:14:14 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2011/01/06 23:14:14 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2011/01/06 23:14:13 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2011/01/06 23:14:13 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2011/01/06 21:57:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2011/01/06 20:28:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2011/01/06 20:26:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2011/01/06 20:26:06 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2011/01/06 20:26:02 | 000,032,613 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2011/01/06 20:26:02 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2011/01/06 20:07:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/01/06 20:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/01/06 11:56:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/01/06 11:55:23 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/31 10:47:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2012/04/04 17:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask

[2011/02/09 21:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems

[2012/04/06 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge

[2011/12/11 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon

[2011/01/09 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital

[2011/12/20 11:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\PureEdge

[2011/08/20 10:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\SPORE

[2011/01/09 16:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\Western Digital

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2011/07/19 15:08:21 | 000,000,000 | ---D | M] -- C:\053eea491c5fc9b2c72bfb42e521

[2011/12/24 23:22:53 | 000,000,000 | ---D | M] -- C:\3df72c8464bb5f5dd77263cd56db

[2012/04/04 17:51:24 | 000,000,000 | ---D | M] -- C:\6802ba65daf0b3e792

[2011/01/08 13:42:58 | 000,000,000 | ---D | M] -- C:\814b825119a9056f53be

[2012/04/09 07:00:29 | 000,000,000 | ---D | M] -- C:\ASUS.000

[2011/01/06 23:18:28 | 000,000,000 | ---D | M] -- C:\ASUS.SYS

[2011/01/07 15:20:37 | 000,000,000 | ---D | M] -- C:\ATI

[2012/04/09 11:44:51 | 000,000,000 | RHSD | M] -- C:\cmdcons

[2011/01/09 16:24:43 | 000,000,000 | ---D | M] -- C:\col3927

[2012/04/06 13:20:34 | 000,000,000 | ---D | M] -- C:\Config.Msi

[2011/01/07 15:20:18 | 000,000,000 | ---D | M] -- C:\Diamond

[2011/12/11 21:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings

[2011/12/11 20:55:31 | 000,000,000 | -H-D | M] -- C:\dvmexp

[2012/04/04 17:39:15 | 000,000,000 | ---D | M] -- C:\Firefox

[2011/01/06 21:28:00 | 000,000,000 | ---D | M] -- C:\Intel

[2011/01/07 20:26:07 | 000,000,000 | R--D | M] -- C:\MSOCache

[2011/08/20 10:12:51 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2012/04/06 13:15:35 | 000,000,000 | R--D | M] -- C:\Program Files

[2012/04/09 12:12:49 | 000,000,000 | ---D | M] -- C:\Qoobox

[2011/12/20 11:43:23 | 000,000,000 | ---D | M] -- C:\SUPPORT

[2011/12/11 20:43:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012/04/09 11:25:34 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine

[2011/12/23 17:33:42 | 000,000,000 | ---D | M] -- C:\temp

[2012/04/09 22:26:53 | 000,000,000 | ---D | M] -- C:\WINDOWS

[2011/01/06 21:31:15 | 000,000,000 | ---D | M] -- C:\WUTemp

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< MD5 for: EXPLORER.EXE >

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: REGEDIT.EXE >

[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe

[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe

[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe

[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe

[2004/08/04 03:56:55 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012/02/03 05:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-30 01:22:11

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >


OTL Extras log:

OTL Extras logfile created on: 4/9/2012 10:28:57 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\John & Wendy\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 63.52% Memory free

5.33 Gb Paging File | 4.03 Gb Available in Paging File | 75.64% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 437.36 Gb Free Space | 93.90% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-1 | User Name: John & Wendy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 1

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86

"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners

"{713AB069-D22F-4C15-89F0-0FEE92D9AD47}" = PS7600

"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4E54C39-AC87-4C48-B6E0-A073F21E9B8A}" = Microsoft S/MIME

"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update

"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP

"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi

"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center

"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F522E59E-7168-4B4A-885E-1030009BEE56}" = DBsign Web Signer

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"Browser Defender_is1" = Browser Defender 4.0

"Cisco Connect" = Cisco Connect

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Google Chrome" = Google Chrome

"ie8" = Windows Internet Explorer 8

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSC" = McAfee AntiVirus Plus

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"QuickTime" = QuickTime

"Spyware Doctor" = PC Tools Spyware Doctor 9.0

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/6/2012 6:21:38 PM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 4528 (0x11b0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\LTWEB12n.dll

by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/8/2012 12:15:45 PM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 2036 (0x7f4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools

Security\TransactionResults\Transaction123.xml by C:\Program Files\PC Tools Security\pctsSvc.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 10:55:04 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 3000 (0xbb8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Western

Digital\WD SmartWare\Front Parlor\config\DefaultRules.xml by C:\Program Files\PC

Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 4/9/2012 10:55:14 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 2580 (0xa14) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools

Security\TransactionResults\Transaction125.xml by C:\Program Files\PC Tools Security\pctsSvc.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:03:39 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 5136 (0x1410) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\rasapi32.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:06:02 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 4052 (0xfd4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools

Security\BDT\EN.xml by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:12:47 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 3800 (0xed8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Western

Digital\WD SmartWare\Front Parlor\ConfigManager.xml by C:\Program Files\PC Tools

Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:30:27 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 4064 (0xfe0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools

Security\TransactionResults\Transaction126.xml by C:\Program Files\PC Tools Security\pctsSvc.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:32:47 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 4628 (0x1214) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\John

& Wendy\Local Settings\Temporary Internet Files\Content.IE5\AIZINXSZ\anatm[1].js

by C:\Program Files\Internet Explorer\iexplore.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/9/2012 11:35:05 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 5348 (0x14e4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\John

& Wendy\Local Settings\Temporary Internet Files\Content.IE5\D905BXDA\brief[1].xml

by C:\Program Files\Internet Explorer\iexplore.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]

Error - 4/8/2012 10:57:47 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 4/8/2012 10:58:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 4/8/2012 10:59:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 4/8/2012 11:00:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 4/8/2012 11:01:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 4/8/2012 11:02:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 4/8/2012 11:03:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 4/8/2012 11:04:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 4/8/2012 11:05:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 4/8/2012 11:06:24 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023

Description = The Digirefresh service terminated with the following error: %%126

< End of report >


Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom Scans/Fixes box:

:otl
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVENET.dll -- (ziptoa)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spmd.dll -- (zebrceb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\navapel.dll -- (z525obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btdriver.dll -- (Wtcls2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (WscNetDr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeantispyware.dll -- (wpsdrvnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCDCODEC.dll -- (WINIO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVTCP.dll -- (windrvNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfnds.dll -- (win32sl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scarddrv.dll -- (WIBUKEY)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125mgmt.dll -- (websenseuserservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservaz.dll -- (websensepolicyserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SunkFilt.dll -- (w800bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxupnprenderer.dll -- (W700mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wkscfgsrv.dll -- (w39n51)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EpmShd.dll -- (vpctcom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\basic2.dll -- (vpcbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dktknsrv.dll -- (vncmirror)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w3svc.dll -- (vmnetdhcp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNCPKT.dll -- (VirtualFD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (viaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntiopnp.dll -- (vetfddnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caccprovsp.dll -- (VAIOMediaPlatform-PhotoServer-HTTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hsvcmod.dll -- (v2imount)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hclinetd.dll -- (usnsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550bus.dll -- (USBDeviceService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TPwSav.dll -- (us30service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vxd.dll -- (upperdev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvport.dll -- (U81xbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNIPROT5.dll -- (U2SP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmbatt.dll -- (tunnelguardservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\L8042Kbd.dll -- (tosrfec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\modem.dll -- (tfsndrct)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VRADFIL.dll -- (TestHandler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217unic.dll -- (symsecureport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isdrv120.dll -- (SWUMX20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (SWMX00) BLKWGU(Belkin)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vstor2.dll -- (stylexphelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\portio.dll -- (sstpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\egathdrv.dll -- (ssoftservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcomlaunch.dll -- (SrvcEKIOMngr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cercsr6.dll -- (SprintRcAppSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btkrnl.dll -- (speedfan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emitray.dll -- (spbbcsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\senfilt.dll -- (softfax)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iolodmv.dll -- (smrt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siswlsvc.dll -- (siside)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_tdi_f.dll -- (shdserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Invoker.dll -- (sglfb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aksfridge.dll -- (SetupNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GoogleDesktopManager-010708-104812.dll -- (se58mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecnamingservice.dll -- (SE2Cmgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCM43XV.dll -- (SE27bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctdvda2k.dll -- (sdbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aolservice.dll -- (sbhooksvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p17.dll -- (sansaservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bmdfl.dll -- (s616obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\addfiltr.dll -- (S3GIGP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iviregmgr.dll -- (s125mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lcs.dll -- (s116unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pserve.dll -- (s116obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prfldsvc.dll -- (s116bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WGX.dll -- (rxmssync)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\termservice.dll -- (RTSTOR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxwatch9.dll -- (RTL8169)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (rt73)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\maya70docserver.dll -- (RSAFAL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (roxliveshare9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\anio.dll -- (ROOTUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAM1210.dll -- (rampartsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JavaQuickStarterService.dll -- (racsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (qserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raidmsvr.dll -- (qfcoresvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndproxy.dll -- (purendis)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthusb.dll -- (PTDCBus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxbt_device.dll -- (psasrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rsvchost.dll -- (ProcObsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HPFECP20.dll -- (pfmodnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WaveFDE.dll -- (pdlnecfg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\soma.dll -- (pcctlcom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mail2ec.dll -- (parallel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acmservice.dll -- (owstimer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdengine.dll -- (oracleorahometnslistener)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fallback.dll -- (OracleOraHome92ClientCache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdfl.dll -- (oracleorahome90agent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonytvc.dll -- (oraclemtsrecoveryservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w29n51.dll -- (ohci1394)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcSSIOMngr.dll -- (ofcpfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (NWHOST)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\shdserv.dll -- (NVR0FLASHDev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\crcdisk.dll -- (nvata)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll -- (NuidFltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stcagent.dll -- (NSSvcMgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USIUDF.dll -- (nnsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp0.dll -- (NMSSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdm.dll -- (NMSAccessU)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcdonner.dll -- (NeroMediaHomeService.4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hcwPVRP2.dll -- (Ndisipo)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58bus.dll -- (mxserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecpmcommunicationagent.dll -- (mvwebserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igniteservice.exe.dll -- (mssqlserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pktfilter.dll -- (mssql$sony_mediamgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s116unic.dll -- (mscsptisrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DSXUSB.dll -- (mhn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sandradatasrv.dll -- (lwwlicenseservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iwebcal.dll -- (lvselsus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EUSBMSD.dll -- (ltck000c)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTHDMIAzAudService.dll -- (lockmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dtscsi.dll -- (LMouKE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\i81x.dll -- (lmimaint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MKEMUSB.dll -- (lhidusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassPeriodicUpdateService.dll -- (l8042pr2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndiscm.dll -- (JGOGO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCASp50.dll -- (issuser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\quickhealfirewall.dll -- (irmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (IPSECSHM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spcsutilityservice.dll -- (iksysflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\knobserv.dll -- (ikfileflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\advservice.dll -- (iftpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cachemgr.dll -- (idechndr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ptilink.dll -- (ICM10USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se27unic.dll -- (icm10blk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ma_cmidi_installerservice.dll -- (ibmpmdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USR1806V.dll -- (iaimfp2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mmc_2K.dll -- (iaimfp1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\yukonwxp.dll -- (iaantmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavsrv.dll -- (HPFECP20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7alrt.dll -- (hpdskflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (HFACSVC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (fshttps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pccsmcfd.dll -- (Freedom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfman.dll -- (filechecker)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032U.dll -- (fgdxbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atfsd.dll -- (fasttrackinstallerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RIOUNIV.dll -- (EU3_USB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\incdfs.dll -- (ET5Drv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WMIService.dll -- (elotouchscreen)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cm102u32.dll -- (eloggersvc6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\radclock.dll -- (ELmou)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvserver.dll -- (egathdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_flpy.dll -- (edspport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RivaTuner32.dll -- (dwmrcs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emclisrv.dll -- (dnserver32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvupdtio.dll -- (DMUSBUSBDCam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Alpham1.dll -- (dlaudfam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\apfiltrservice.dll -- (diskeeper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\orbmediaservice.dll -- (dirms_defragmentation)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\superproserver.dll -- (defwatch)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\int15.sys.dll -- (dcstor32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvraid.dll -- (dcpflics)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pctspk.dll -- (DCamUSBSQTECH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\napagent.dll -- (DCamUSBMke2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WavxDMgr.dll -- (DCamUSBGrandTek)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ghostsec.dll -- (cwafadmincontroller)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bt3cusb.dll -- (cvslock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleformsserver-forms60server-oraform.dll -- (CTSBLFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotdriver.dll -- (ctljystk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLAgent$LG_LP2.dll -- (crauto)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sbpci.dll -- (cqmghost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcdbus.dll -- (cpucoolserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TNaviSrv.dll -- (cpqdmi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tangoservice.dll -- (cpqdfw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psasrv.dll -- (cpqarry2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpf4.dll -- (comhost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ser2plms.dll -- (CnxTrUsb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswlsvc.dll -- (ccflic0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (Cam5603D)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCMTPM.dll -- (Cam5603C)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (cachemgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fix.dll -- (BUFADPT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LVCap138.dll -- (btnetfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcmsvc.dll -- (besclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\A88xXBar.dll -- (bdfdll)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enum1394.dll -- (awecho)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsmapip.dll -- (AVRec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CiscoVpnInstallService.dll -- (autostore)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KS0108.dll -- (ATKFUSService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pchost.dll -- (atitool)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmmbd.dll -- (ati)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASMMAP.dll -- (AR5416)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfng32.dll -- (Angel2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmuda.dll -- (amusbprt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W55U01.dll -- (AlteraByteBlaster)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxdmCATSCustConnectService.dll -- (ALABULK)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvspydr2.dll -- (aksusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcj_device.dll -- (Afc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip.dll -- (adpu320)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp2.dll -- (acrsch2svc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndistapi.dll -- ({6080a529-897e-4629-a488-aba0c29b635e})

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00
:commands
[reboot]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Double click on the Combofix.exe and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.

I got the OTL to run, but had problems with Combofix. When I tried to use Combofix it locked up the computer and I had to reboot. I tried to use it a second time and this time it is stuck on the blue text box and says: Combofix preparing to run... Attempting to create a new System Restore point. And it is stuck at this point. I'm not sure what to do now.... Would it be ok to turn it off or reboot the computer? (Having to type this out from my laptop since the desktop comp is locked up.)

Be prepared for a lot of work to remove it. Our desktop was completely rebuilt this past fall and we spent a lot of $$$ on it. And even with Malwarebytes, McAfee & PCdoctor.. we still got that virus.

Daniel, here is the OTL log:

========== OTL ==========

Service ziptoa stopped successfully!

Service ziptoa deleted successfully!

File %systemroot%\system32\NVENET.dll not found.

Service zebrceb stopped successfully!

Service zebrceb deleted successfully!

File %systemroot%\system32\spmd.dll not found.

Service z525obex stopped successfully!

Service z525obex deleted successfully!

File %systemroot%\system32\navapel.dll not found.

Service Wtcls2k stopped successfully!

Service Wtcls2k deleted successfully!

File %systemroot%\system32\btdriver.dll not found.

Service WscNetDr stopped successfully!

Service WscNetDr deleted successfully!

File %systemroot%\system32\winpower.dll not found.

Service wpsdrvnt stopped successfully!

Service wpsdrvnt deleted successfully!

File %systemroot%\system32\mcafeeantispyware.dll not found.

Service WINIO stopped successfully!

Service WINIO deleted successfully!

File %systemroot%\system32\PCDCODEC.dll not found.

Service windrvNT stopped successfully!

Service windrvNT deleted successfully!

File %systemroot%\system32\NVTCP.dll not found.

Service win32sl stopped successfully!

Service win32sl deleted successfully!

File %systemroot%\system32\tosrfnds.dll not found.

Service WIBUKEY stopped successfully!

Service WIBUKEY deleted successfully!

File %systemroot%\system32\scarddrv.dll not found.

Service websenseuserservice stopped successfully!

Service websenseuserservice deleted successfully!

File %systemroot%\system32\s125mgmt.dll not found.

Service websensepolicyserver stopped successfully!

Service websensepolicyserver deleted successfully!

File %systemroot%\system32\smservaz.dll not found.

Service w800bus stopped successfully!

Service w800bus deleted successfully!

File %systemroot%\system32\SunkFilt.dll not found.

Service W700mdfl stopped successfully!

Service W700mdfl deleted successfully!

File %systemroot%\system32\roxupnprenderer.dll not found.

Service w39n51 stopped successfully!

Service w39n51 deleted successfully!

File %systemroot%\system32\wkscfgsrv.dll not found.

Service vpctcom stopped successfully!

Service vpctcom deleted successfully!

File %systemroot%\system32\EpmShd.dll not found.

Service vpcbus stopped successfully!

Service vpcbus deleted successfully!

File %systemroot%\system32\basic2.dll not found.

Service vncmirror stopped successfully!

Service vncmirror deleted successfully!

File %systemroot%\system32\dktknsrv.dll not found.

Service vmnetdhcp stopped successfully!

Service vmnetdhcp deleted successfully!

File %systemroot%\system32\w3svc.dll not found.

Service VirtualFD stopped successfully!

Service VirtualFD deleted successfully!

File %systemroot%\system32\WNCPKT.dll not found.

Service viaudio stopped successfully!

Service viaudio deleted successfully!

File %systemroot%\system32\carboniteservice.dll not found.

Service vetfddnt stopped successfully!

Service vetfddnt deleted successfully!

File %systemroot%\system32\ntiopnp.dll not found.

Service VAIOMediaPlatform-PhotoServer-HTTP stopped successfully!

Service VAIOMediaPlatform-PhotoServer-HTTP deleted successfully!

File %systemroot%\system32\caccprovsp.dll not found.

Service v2imount stopped successfully!

Service v2imount deleted successfully!

File %systemroot%\system32\hsvcmod.dll not found.

Service usnsvc stopped successfully!

Service usnsvc deleted successfully!

File %systemroot%\system32\hclinetd.dll not found.

Service USBDeviceService stopped successfully!

Service USBDeviceService deleted successfully!

File %systemroot%\system32\w550bus.dll not found.

Service us30service stopped successfully!

Service us30service deleted successfully!

File %systemroot%\system32\TPwSav.dll not found.

Service upperdev stopped successfully!

Service upperdev deleted successfully!

File %systemroot%\system32\vxd.dll not found.

Service U81xbus stopped successfully!

Service U81xbus deleted successfully!

File %systemroot%\system32\nvport.dll not found.

Service U2SP stopped successfully!

Service U2SP deleted successfully!

File %systemroot%\system32\WNIPROT5.dll not found.

Service tunnelguardservice stopped successfully!

Service tunnelguardservice deleted successfully!

File %systemroot%\system32\cmbatt.dll not found.

Service tosrfec stopped successfully!

Service tosrfec deleted successfully!

File %systemroot%\system32\L8042Kbd.dll not found.

Service tfsndrct stopped successfully!

Service tfsndrct deleted successfully!

File %systemroot%\system32\modem.dll not found.

Service TestHandler stopped successfully!

Service TestHandler deleted successfully!

File %systemroot%\system32\VRADFIL.dll not found.

Service symsecureport stopped successfully!

Service symsecureport deleted successfully!

File %systemroot%\system32\s217unic.dll not found.

Service SWUMX20 stopped successfully!

Service SWUMX20 deleted successfully!

File %systemroot%\system32\isdrv120.dll not found.

Error: No service named SWMX00) BLKWGU(Belkin was found to stop!

Service\Driver key SWMX00) BLKWGU(Belkin not found.

File %systemroot%\system32\nmwcdc.dll not found.

Service stylexphelper stopped successfully!

Service stylexphelper deleted successfully!

File %systemroot%\system32\vstor2.dll not found.

Service sstpsvc stopped successfully!

Service sstpsvc deleted successfully!

File %systemroot%\system32\portio.dll not found.

Service ssoftservice stopped successfully!

Service ssoftservice deleted successfully!

File %systemroot%\system32\egathdrv.dll not found.

Service SrvcEKIOMngr stopped successfully!

Service SrvcEKIOMngr deleted successfully!

File %systemroot%\system32\dcomlaunch.dll not found.

Service SprintRcAppSvc stopped successfully!

Service SprintRcAppSvc deleted successfully!

File %systemroot%\system32\cercsr6.dll not found.

Service speedfan stopped successfully!

Service speedfan deleted successfully!

File %systemroot%\system32\btkrnl.dll not found.

Service spbbcsvc stopped successfully!

Service spbbcsvc deleted successfully!

File %systemroot%\system32\emitray.dll not found.

Service softfax stopped successfully!

Service softfax deleted successfully!

File %systemroot%\system32\senfilt.dll not found.

Service smrt stopped successfully!

Service smrt deleted successfully!

File %systemroot%\system32\iolodmv.dll not found.

Service siside stopped successfully!

Service siside deleted successfully!

File %systemroot%\system32\siswlsvc.dll not found.

Service shdserv stopped successfully!

Service shdserv deleted successfully!

File %systemroot%\system32\bc_tdi_f.dll not found.

Service sglfb stopped successfully!

Service sglfb deleted successfully!

File %systemroot%\system32\Invoker.dll not found.

Service SetupNT stopped successfully!

Service SetupNT deleted successfully!

File %systemroot%\system32\aksfridge.dll not found.

Service se58mdm stopped successfully!

Service se58mdm deleted successfully!

File %systemroot%\system32\GoogleDesktopManager-010708-104812.dll not found.

Service SE2Cmgmt stopped successfully!

Service SE2Cmgmt deleted successfully!

File %systemroot%\system32\backupexecnamingservice.dll not found.

Service SE27bus stopped successfully!

Service SE27bus deleted successfully!

File %systemroot%\system32\BCM43XV.dll not found.

Service sdbus stopped successfully!

Service sdbus deleted successfully!

File %systemroot%\system32\ctdvda2k.dll not found.

Service sbhooksvc stopped successfully!

Service sbhooksvc deleted successfully!

File %systemroot%\system32\aolservice.dll not found.

Service sansaservice stopped successfully!

Service sansaservice deleted successfully!

File %systemroot%\system32\p17.dll not found.

Service s616obex stopped successfully!

Service s616obex deleted successfully!

File %systemroot%\system32\SE2Bmdfl.dll not found.

Service S3GIGP stopped successfully!

Service S3GIGP deleted successfully!

File %systemroot%\system32\addfiltr.dll not found.

Service s125mdm stopped successfully!

Service s125mdm deleted successfully!

File %systemroot%\system32\iviregmgr.dll not found.

Service s116unic stopped successfully!

Service s116unic deleted successfully!

File %systemroot%\system32\lcs.dll not found.

Service s116obex stopped successfully!

Service s116obex deleted successfully!

File %systemroot%\system32\pserve.dll not found.

Service s116bus stopped successfully!

Service s116bus deleted successfully!

File %systemroot%\system32\prfldsvc.dll not found.

Service rxmssync stopped successfully!

Service rxmssync deleted successfully!

File %systemroot%\system32\WGX.dll not found.

Service RTSTOR stopped successfully!

Service RTSTOR deleted successfully!

File %systemroot%\system32\termservice.dll not found.

Service RTL8169 stopped successfully!

Service RTL8169 deleted successfully!

File %systemroot%\system32\roxwatch9.dll not found.

Service rt73 stopped successfully!

Service rt73 deleted successfully!

File %systemroot%\system32\WD_FireWire_HID.dll not found.

Service RSAFAL stopped successfully!

Service RSAFAL deleted successfully!

File %systemroot%\system32\maya70docserver.dll not found.

Service roxliveshare9 stopped successfully!

Service roxliveshare9 deleted successfully!

File %systemroot%\system32\tvs.dll not found.

Service ROOTUSB stopped successfully!

Service ROOTUSB deleted successfully!

File %systemroot%\system32\anio.dll not found.

Service rampartsvc stopped successfully!

Service rampartsvc deleted successfully!

File %systemroot%\system32\CAM1210.dll not found.

Service racsvc stopped successfully!

Service racsvc deleted successfully!

File %systemroot%\system32\JavaQuickStarterService.dll not found.

Service qserver stopped successfully!

Service qserver deleted successfully!

File %systemroot%\system32\dlacdbhm.dll not found.

Service qfcoresvc stopped successfully!

Service qfcoresvc deleted successfully!

File %systemroot%\system32\raidmsvr.dll not found.

Service purendis stopped successfully!

Service purendis deleted successfully!

File %systemroot%\system32\ndproxy.dll not found.

Service PTDCBus stopped successfully!

Service PTDCBus deleted successfully!

File %systemroot%\system32\bthusb.dll not found.

Service psasrv stopped successfully!

Service psasrv deleted successfully!

File %systemroot%\system32\lxbt_device.dll not found.

Service ProcObsrv stopped successfully!

Service ProcObsrv deleted successfully!

File %systemroot%\system32\rsvchost.dll not found.

Service pfmodnt stopped successfully!

Service pfmodnt deleted successfully!

File %systemroot%\system32\HPFECP20.dll not found.

Service pdlnecfg stopped successfully!

Service pdlnecfg deleted successfully!

File %systemroot%\system32\WaveFDE.dll not found.

Service pcctlcom stopped successfully!

Service pcctlcom deleted successfully!

File %systemroot%\system32\soma.dll not found.

Service parallel stopped successfully!

Service parallel deleted successfully!

File %systemroot%\system32\mail2ec.dll not found.

Service owstimer stopped successfully!

Service owstimer deleted successfully!

File %systemroot%\system32\acmservice.dll not found.

Service oracleorahometnslistener stopped successfully!

Service oracleorahometnslistener deleted successfully!

File %systemroot%\system32\pdengine.dll not found.

Service OracleOraHome92ClientCache stopped successfully!

Service OracleOraHome92ClientCache deleted successfully!

File %systemroot%\system32\fallback.dll not found.

Service oracleorahome90agent stopped successfully!

Service oracleorahome90agent deleted successfully!

File %systemroot%\system32\SE2Cmdfl.dll not found.

Service oraclemtsrecoveryservice stopped successfully!

Service oraclemtsrecoveryservice deleted successfully!

File %systemroot%\system32\sonytvc.dll not found.

Service ohci1394 stopped successfully!

Service ohci1394 deleted successfully!

File %systemroot%\system32\w29n51.dll not found.

Service ofcpfwsvc stopped successfully!

Service ofcpfwsvc deleted successfully!

File %systemroot%\system32\SrvcSSIOMngr.dll not found.

Service NWHOST stopped successfully!

Service NWHOST deleted successfully!

File %systemroot%\system32\zpjava.dll not found.

Service NVR0FLASHDev stopped successfully!

Service NVR0FLASHDev deleted successfully!

File %systemroot%\system32\shdserv.dll not found.

Service nvata stopped successfully!

Service nvata deleted successfully!

File %systemroot%\system32\crcdisk.dll not found.

Service NuidFltr stopped successfully!

Service NuidFltr deleted successfully!

File %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll not found.

Service NSSvcMgr stopped successfully!

Service NSSvcMgr deleted successfully!

File %systemroot%\system32\stcagent.dll not found.

Service nnsvc stopped successfully!

Service nnsvc deleted successfully!

File %systemroot%\system32\USIUDF.dll not found.

Service NMSSvc stopped successfully!

Service NMSSvc deleted successfully!

File %systemroot%\system32\iaimfp0.dll not found.

Service NMSAccessU stopped successfully!

Service NMSAccessU deleted successfully!

File %systemroot%\system32\SE2Cmdm.dll not found.

Service NeroMediaHomeService.4 stopped successfully!

Service NeroMediaHomeService.4 deleted successfully!

File %systemroot%\system32\qcdonner.dll not found.

Service Ndisipo stopped successfully!

Service Ndisipo deleted successfully!

File %systemroot%\system32\hcwPVRP2.dll not found.

Service mxserver stopped successfully!

Service mxserver deleted successfully!

File %systemroot%\system32\se58bus.dll not found.

Service mvwebserver stopped successfully!

Service mvwebserver deleted successfully!

File %systemroot%\system32\websensecpmcommunicationagent.dll not found.

Service mssqlserver stopped successfully!

Service mssqlserver deleted successfully!

File %systemroot%\system32\igniteservice.exe.dll not found.

Service mssql$sony_mediamgr stopped successfully!

Service mssql$sony_mediamgr deleted successfully!

File %systemroot%\system32\pktfilter.dll not found.

Service mscsptisrv stopped successfully!

Service mscsptisrv deleted successfully!

File %systemroot%\system32\s116unic.dll not found.

Service mhn stopped successfully!

Service mhn deleted successfully!

File %systemroot%\system32\DSXUSB.dll not found.

Service lwwlicenseservice stopped successfully!

Service lwwlicenseservice deleted successfully!

File %systemroot%\system32\sandradatasrv.dll not found.

Service lvselsus stopped successfully!

Service lvselsus deleted successfully!

File %systemroot%\system32\iwebcal.dll not found.

Service ltck000c stopped successfully!

Service ltck000c deleted successfully!

File %systemroot%\system32\EUSBMSD.dll not found.

Service lockmgr stopped successfully!

Service lockmgr deleted successfully!

File %systemroot%\system32\RTHDMIAzAudService.dll not found.

Service LMouKE stopped successfully!

Service LMouKE deleted successfully!

File %systemroot%\system32\dtscsi.dll not found.

Service lmimaint stopped successfully!

Service lmimaint deleted successfully!

File %systemroot%\system32\i81x.dll not found.

Service lhidusb stopped successfully!

Service lhidusb deleted successfully!

File %systemroot%\system32\MKEMUSB.dll not found.

Service l8042pr2 stopped successfully!

Service l8042pr2 deleted successfully!

File %systemroot%\system32\iPassPeriodicUpdateService.dll not found.

Service JGOGO stopped successfully!

Service JGOGO deleted successfully!

File %systemroot%\system32\ndiscm.dll not found.

Service issuser stopped successfully!

Service issuser deleted successfully!

File %systemroot%\system32\PCASp50.dll not found.

Service irmon stopped successfully!

Service irmon deleted successfully!

File %systemroot%\system32\quickhealfirewall.dll not found.

Service IPSECSHM stopped successfully!

Service IPSECSHM deleted successfully!

File %systemroot%\system32\backupexecjobengine.dll not found.

Service iksysflt stopped successfully!

Service iksysflt deleted successfully!

File %systemroot%\system32\spcsutilityservice.dll not found.

Service ikfileflt stopped successfully!

Service ikfileflt deleted successfully!

File %systemroot%\system32\knobserv.dll not found.

Service iftpsvc stopped successfully!

Service iftpsvc deleted successfully!

File %systemroot%\system32\advservice.dll not found.

Service idechndr stopped successfully!

Service idechndr deleted successfully!

File %systemroot%\system32\cachemgr.dll not found.

Service ICM10USB stopped successfully!

Service ICM10USB deleted successfully!

File %systemroot%\system32\ptilink.dll not found.

Service icm10blk stopped successfully!

Service icm10blk deleted successfully!

File %systemroot%\system32\se27unic.dll not found.

Service ibmpmdrv stopped successfully!

Service ibmpmdrv deleted successfully!

File %systemroot%\system32\ma_cmidi_installerservice.dll not found.

Service iaimfp2 stopped successfully!

Service iaimfp2 deleted successfully!

File %systemroot%\system32\USR1806V.dll not found.

Service iaimfp1 stopped successfully!

Service iaimfp1 deleted successfully!

File %systemroot%\system32\mmc_2K.dll not found.

Service iaantmon stopped successfully!

Service iaantmon deleted successfully!

File %systemroot%\system32\yukonwxp.dll not found.

Service HPFECP20 stopped successfully!

Service HPFECP20 deleted successfully!

File %systemroot%\system32\pavsrv.dll not found.

Service hpdskflt stopped successfully!

Service hpdskflt deleted successfully!

File %systemroot%\system32\avg7alrt.dll not found.

Service HFACSVC stopped successfully!

Service HFACSVC deleted successfully!

File %systemroot%\system32\kpfwsvc.dll not found.

Service fshttps stopped successfully!

Service fshttps deleted successfully!

File %systemroot%\system32\symc8xx.dll not found.

Service Freedom stopped successfully!

Service Freedom deleted successfully!

File %systemroot%\system32\pccsmcfd.dll not found.

Service filechecker stopped successfully!

Service filechecker deleted successfully!

File %systemroot%\system32\sfman.dll not found.

Service fgdxbus stopped successfully!

Service fgdxbus deleted successfully!

File %systemroot%\system32\MA8032U.dll not found.

Service fasttrackinstallerservice stopped successfully!

Service fasttrackinstallerservice deleted successfully!

File %systemroot%\system32\atfsd.dll not found.

Service EU3_USB stopped successfully!

Service EU3_USB deleted successfully!

File %systemroot%\system32\RIOUNIV.dll not found.

Service ET5Drv stopped successfully!

Service ET5Drv deleted successfully!

File %systemroot%\system32\incdfs.dll not found.

Service elotouchscreen stopped successfully!

Service elotouchscreen deleted successfully!

File %systemroot%\system32\WMIService.dll not found.

Service eloggersvc6 stopped successfully!

Service eloggersvc6 deleted successfully!

File %systemroot%\system32\cm102u32.dll not found.

Service ELmou stopped successfully!

Service ELmou deleted successfully!

File %systemroot%\system32\radclock.dll not found.

Service egathdrv stopped successfully!

Service egathdrv deleted successfully!

File %systemroot%\system32\mvserver.dll not found.

Service edspport stopped successfully!

Service edspport deleted successfully!

File %systemroot%\system32\ino_flpy.dll not found.

Service dwmrcs stopped successfully!

Service dwmrcs deleted successfully!

File %systemroot%\system32\RivaTuner32.dll not found.

Service dnserver32 stopped successfully!

Service dnserver32 deleted successfully!

File %systemroot%\system32\emclisrv.dll not found.

Service DMUSBUSBDCam stopped successfully!

Service DMUSBUSBDCam deleted successfully!

File %systemroot%\system32\lvupdtio.dll not found.

Service dlaudfam stopped successfully!

Service dlaudfam deleted successfully!

File %systemroot%\system32\Alpham1.dll not found.

Service diskeeper stopped successfully!

Service diskeeper deleted successfully!

File %systemroot%\system32\apfiltrservice.dll not found.

Service dirms_defragmentation stopped successfully!

Service dirms_defragmentation deleted successfully!

File %systemroot%\system32\orbmediaservice.dll not found.

Service defwatch stopped successfully!

Service defwatch deleted successfully!

File %systemroot%\system32\superproserver.dll not found.

Service dcstor32 stopped successfully!

Service dcstor32 deleted successfully!

File %systemroot%\system32\int15.sys.dll not found.

Service dcpflics stopped successfully!

Service dcpflics deleted successfully!

File %systemroot%\system32\nvraid.dll not found.

Service DCamUSBSQTECH stopped successfully!

Service DCamUSBSQTECH deleted successfully!

File %systemroot%\system32\Pctspk.dll not found.

Service DCamUSBMke2 stopped successfully!

Service DCamUSBMke2 deleted successfully!

File %systemroot%\system32\napagent.dll not found.

Service DCamUSBGrandTek stopped successfully!

Service DCamUSBGrandTek deleted successfully!

File %systemroot%\system32\WavxDMgr.dll not found.

Service cwafadmincontroller stopped successfully!

Service cwafadmincontroller deleted successfully!

File %systemroot%\system32\ghostsec.dll not found.

Service cvslock stopped successfully!

Service cvslock deleted successfully!

File %systemroot%\system32\bt3cusb.dll not found.

Service CTSBLFX.DLL stopped successfully!

Service CTSBLFX.DLL deleted successfully!

File %systemroot%\system32\oracleformsserver-forms60server-oraform.dll not found.

Service ctljystk stopped successfully!

Service ctljystk deleted successfully!

File %systemroot%\system32\symantecantibotdriver.dll not found.

Service crauto stopped successfully!

Service crauto deleted successfully!

File %systemroot%\system32\SQLAgent$LG_LP2.dll not found.

Service cqmghost stopped successfully!

Service cqmghost deleted successfully!

File %systemroot%\system32\sbpci.dll not found.

Service cpucoolserver stopped successfully!

Service cpucoolserver deleted successfully!

File %systemroot%\system32\mcdbus.dll not found.

Service cpqdmi stopped successfully!

Service cpqdmi deleted successfully!

File %systemroot%\system32\TNaviSrv.dll not found.

Service cpqdfw stopped successfully!

Service cpqdfw deleted successfully!

File %systemroot%\system32\tangoservice.dll not found.

Service cpqarry2 stopped successfully!

Service cpqarry2 deleted successfully!

File %systemroot%\system32\psasrv.dll not found.

Service comhost stopped successfully!

Service comhost deleted successfully!

File %systemroot%\system32\kpf4.dll not found.

Service CnxTrUsb stopped successfully!

Service CnxTrUsb deleted successfully!

File %systemroot%\system32\ser2plms.dll not found.

Service ccflic0 stopped successfully!

Service ccflic0 deleted successfully!

File %systemroot%\system32\aswlsvc.dll not found.

Service Cam5603D stopped successfully!

Service Cam5603D deleted successfully!

File %systemroot%\system32\MA8032M.dll not found.

Service Cam5603C stopped successfully!

Service Cam5603C deleted successfully!

File %systemroot%\system32\BCMTPM.dll not found.

Service cachemgr stopped successfully!

Service cachemgr deleted successfully!

File %systemroot%\system32\trlokom_rmhsvc.dll not found.

Service BUFADPT stopped successfully!

Service BUFADPT deleted successfully!

File %systemroot%\system32\fix.dll not found.

Service btnetfilter stopped successfully!

Service btnetfilter deleted successfully!

File %systemroot%\system32\LVCap138.dll not found.

Service besclient stopped successfully!

Service besclient deleted successfully!

File %systemroot%\system32\npkcmsvc.dll not found.

Service bdfdll stopped successfully!

Service bdfdll deleted successfully!

File %systemroot%\system32\A88xXBar.dll not found.

Service awecho stopped successfully!

Service awecho deleted successfully!

File %systemroot%\system32\enum1394.dll not found.

Service AVRec stopped successfully!

Service AVRec deleted successfully!

File %systemroot%\system32\tsmapip.dll not found.

Service autostore stopped successfully!

Service autostore deleted successfully!

File %systemroot%\system32\CiscoVpnInstallService.dll not found.

Service ATKFUSService stopped successfully!

Service ATKFUSService deleted successfully!

File %systemroot%\system32\KS0108.dll not found.

Service atitool stopped successfully!

Service atitool deleted successfully!

File %systemroot%\system32\pchost.dll not found.

Service ati stopped successfully!

Service ati deleted successfully!

File %systemroot%\system32\tmmbd.dll not found.

Service AR5416 stopped successfully!

Service AR5416 deleted successfully!

File %systemroot%\system32\ASMMAP.dll not found.

Service Angel2 stopped successfully!

Service Angel2 deleted successfully!

File %systemroot%\system32\sfng32.dll not found.

Service amusbprt stopped successfully!

Service amusbprt deleted successfully!

File %systemroot%\system32\cmuda.dll not found.

Service AlteraByteBlaster stopped successfully!

Service AlteraByteBlaster deleted successfully!

File %systemroot%\system32\W55U01.dll not found.

Service ALABULK stopped successfully!

Service ALABULK deleted successfully!

File %systemroot%\system32\lxdmCATSCustConnectService.dll not found.

Service aksusb stopped successfully!

Service aksusb deleted successfully!

File %systemroot%\system32\cvspydr2.dll not found.

Service Afc stopped successfully!

Service Afc deleted successfully!

File %systemroot%\system32\lxcj_device.dll not found.

Service adpu320 stopped successfully!

Service adpu320 deleted successfully!

File %systemroot%\system32\tcpip.dll not found.

Service acrsch2svc stopped successfully!

Service acrsch2svc deleted successfully!

File %systemroot%\system32\iaimfp2.dll not found.

Service {6080a529-897e-4629-a488-aba0c29b635e} stopped successfully!

Service {6080a529-897e-4629-a488-aba0c29b635e} deleted successfully!

File %systemroot%\system32\ndistapi.dll not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\"netsvcs"|hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00 /E : value set successfully!

========== COMMANDS ==========

OTL by OldTimer - Version 3.2.39.2 log created on 04112012_172523

__________________________________________________________

But I was not able to run the Combofix.exe.... I'm not sure what went wrong with it.


Let's try a different way to run CF.

Please press the Windows key + R and copy/paste the following single-line command into the Run box and click OK:

Combofix /nombr

Let me know if it runs now :)


Still didn't work. It will get to the part where the blue text box is up and will get stuck on "Attempting to create a System Restore point" and won't do anything else.


Please run OTL.exe.

  • Under the Custom Scans/Fixes box paste this in


netsvcs
/md5start
ipsec.sys
/md5stop

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will create a logfile ( OTL.txt ). This is saved in the same location as OTL.

Please post this in your next reply.


OTL logfile created on: 4/13/2012 10:15:13 PM - Run 3

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\John & Wendy\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 67.94% Memory free

5.33 Gb Paging File | 4.30 Gb Available in Paging File | 80.66% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 436.71 Gb Free Space | 93.76% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-1 | User Name: John & Wendy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/02/28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2012/02/24 10:36:06 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe

PRC - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe

PRC - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe

PRC - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

PRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe

PRC - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

PRC - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2010/03/25 12:02:16 | 000,611,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe

PRC - [2010/01/21 17:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

PRC - [2010/01/21 17:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

PRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

PRC - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

PRC - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe

PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

PRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

PRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe

PRC - [2009/06/03 17:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

PRC - [2009/06/03 17:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

PRC - [2008/04/13 20:12:36 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/07/08 00:55:02 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe

PRC - [2005/07/08 00:55:00 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

PRC - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2003/12/05 16:41:44 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/12 10:42:38 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll

MOD - [2012/04/11 20:02:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll

MOD - [2012/04/11 20:02:35 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll

MOD - [2012/04/11 20:02:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll

MOD - [2012/04/11 20:02:12 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll

MOD - [2012/04/11 20:01:00 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2012/04/04 22:49:18 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll

MOD - [2012/04/04 22:36:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll

MOD - [2012/04/04 22:36:42 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll

MOD - [2012/04/04 22:35:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll

MOD - [2012/04/04 22:35:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll

MOD - [2012/04/04 22:35:28 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll

MOD - [2012/02/24 10:36:02 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll

MOD - [2012/02/24 10:35:44 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll

MOD - [2012/02/17 15:08:16 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools Security\BDT\BSPatch.dll

MOD - [2011/10/16 15:49:04 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2009/09/29 23:33:08 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll

MOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll

MOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll

MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll

MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

MOD - [2008/04/13 20:12:36 | 000,050,688 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\smss.exe

MOD - [2008/04/13 20:12:36 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe

MOD - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\icraplus.dll

MOD - [2008/04/13 20:12:04 | 000,064,000 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\SAMLIB.dll

MOD - [2008/04/13 20:12:02 | 000,118,784 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\NTMARTA.DLL

MOD - [2008/04/13 13:39:24 | 002,897,920 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\xpsp2res.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (SWMX00) BLKWGU(Belkin)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nHancer.dll -- (snoopfree)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc810.dll -- (se58nd5)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wdmaud.dll -- (plsremotesvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\issuser.dll -- (pctavsvc)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmtdi.dll -- (dlartl_n)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwrdr.dll -- (DevUpper)

SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (CX88AUD)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\keymaestro.dll -- (blueletaudio)

SRV - [2012/04/04 22:56:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)

SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)

SRV - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)

SRV - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)

SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/02/24 10:37:08 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)

DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)

DRV - [2012/02/24 10:31:08 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)

DRV - [2012/02/24 09:16:10 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)

DRV - [2012/02/24 09:16:10 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)

DRV - [2012/02/24 09:16:10 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)

DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)

DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)

DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2011/10/15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2011/10/15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2011/10/15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2011/10/15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2011/10/15 14:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)

DRV - [2011/10/15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)

DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)

DRV - [2011/10/15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2011/10/15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)

DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)

DRV - [2011/05/10 05:41:30 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2010/01/29 02:31:44 | 005,884,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2010/01/18 17:50:10 | 000,235,520 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV - [2010/01/07 00:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)

DRV - [2009/11/17 19:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/17 19:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2009/08/03 22:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2009/07/05 22:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)

DRV - [2009/06/24 09:16:20 | 000,114,304 | R--- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)

DRV - [2009/06/05 03:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {F3DD5844-48DB-43B0-9600-5B21935B5A5A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GAM2&o=41647940&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=7K&apn_dtid=YYYYYYS8US&apn_uid=8398628C-7E90-4A02-8A79-C61CFCBFAE10&apn_sauid=9C1501A5-5410-45D4-BC67-E05BD61C464A

IE - HKCU\..\SearchScopes\{F3DD5844-48DB-43B0-9600-5B21935B5A5A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/03/31 14:56:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/04/13 22:15:17 | 000,000,000 | ---D | M]

[2011/02/24 20:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John & Wendy\Application Data\Mozilla\Extensions

Hosts file not found

O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111224173650.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)

O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)

O4 - HKLM..\Run: [ApproveItForOfficeSetup] " /1 /P "C:\PROGRAM FILES\APPROVEIT\" File not found

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()

O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294364092906 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1599609C-7DBD-4A97-830C-5413467F8C76}: DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)

O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/01/06 20:06:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: mcusrmgr - File not found

NetSvcs: avcgbdr - File not found

NetSvcs: streamloadservice - File not found

NetSvcs: nvidesm - File not found

NetSvcs: QWAVEDRV - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 22:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

[2012/04/12 13:11:59 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/04/12 13:07:52 | 004,460,173 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe

[2012/04/11 17:25:23 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/11 17:23:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/04/09 22:27:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe

[2012/04/09 11:44:46 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/04/09 11:42:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/04/09 11:42:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/04/09 11:42:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/04/09 11:42:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/04/09 11:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/04/09 11:41:41 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/09 11:25:44 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys

[2012/04/09 11:25:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/04/08 12:27:43 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe

[2012/04/06 23:19:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John & Wendy\Start Menu\Programs\Administrative Tools

[2012/04/06 13:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\LogMeIn Hamachi

[2012/04/06 12:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi

[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi

[2012/04/04 22:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\PCHealth

[2012/04/04 21:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth

[2012/04/04 17:51:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

[2012/04/04 17:51:22 | 000,000,000 | ---D | C] -- C:\6802ba65daf0b3e792

[2012/04/04 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2012/04/04 17:39:15 | 000,000,000 | ---D | C] -- C:\Firefox

[2012/04/04 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/04/04 17:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask

[2012/04/04 16:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Minecraft

[2012/04/02 18:00:42 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys

[2012/04/02 18:00:42 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys

[2012/04/02 18:00:42 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys

[2012/03/31 15:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp

[2012/03/31 15:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2012/03/31 15:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2012/03/31 15:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

[2012/03/31 14:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012/03/31 14:56:53 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys

[2012/03/31 14:55:51 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys

[2012/03/31 14:55:51 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys

[2012/03/31 14:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/13 22:17:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\icraplus.dll

[2012/04/13 22:14:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP

[2012/04/13 22:12:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/04/13 22:11:39 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd

[2012/04/13 22:11:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/13 22:11:26 | 000,754,927 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2012/04/12 13:07:52 | 004,460,173 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe

[2012/04/12 12:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/04/12 12:45:04 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx

[2012/04/12 10:46:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job

[2012/04/12 10:14:10 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Microsoft Office Word 2007.lnk

[2012/04/11 20:01:12 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/04/11 20:01:12 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/04/11 18:01:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Google Chrome.lnk

[2012/04/11 17:16:01 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2012/04/09 22:57:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe

[2012/04/09 11:44:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/04/09 11:25:44 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys

[2012/04/09 11:22:48 | 002,052,384 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip

[2012/04/08 12:27:43 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe

[2012/04/06 13:18:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2012/04/06 08:52:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/04/05 00:52:03 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/04/04 22:40:07 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/04/04 19:28:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/04/01 22:14:53 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk

[2012/03/31 14:55:51 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\WINDOWS\System32\cwbrxd.dll

[2012/04/11 18:01:37 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\Google Chrome.lnk

[2012/04/09 22:23:11 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd

[2012/04/09 12:04:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP

[2012/04/09 11:44:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/04/09 11:44:49 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/04/09 11:42:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/04/09 11:42:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/04/09 11:42:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/04/09 11:42:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/04/09 11:42:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/04/09 11:22:47 | 002,052,384 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip

[2012/04/04 22:56:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012/04/04 19:28:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk

[2012/04/04 19:28:30 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2012/04/02 18:31:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/31 15:00:12 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2012/03/31 14:55:51 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk

[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0349.old

[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll

[2011/12/11 20:16:00 | 000,011,716 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\54e0w245m2huy6u70n6ac

[2011/12/10 21:02:54 | 000,013,192 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\238265v6n322a423v050j2plu8g0

[2011/08/20 10:13:21 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/08/20 09:53:15 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/08/20 09:53:13 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/08/20 09:53:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/08/11 12:57:45 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/05/11 17:52:26 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/01/09 16:32:24 | 000,000,281 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI

[2011/01/09 15:40:35 | 000,019,752 | ---- | C] () -- C:\WINDOWS\HPHins02.dat

[2011/01/09 15:40:35 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat

[2011/01/09 15:40:25 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe

[2011/01/09 15:40:17 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat

[2011/01/07 15:21:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe

[2011/01/06 23:30:53 | 000,870,560 | R--- | C] () -- C:\WINDOWS\System32\igkrng575.bin

[2011/01/06 23:30:53 | 000,127,868 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin

[2011/01/06 23:30:53 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

[2011/01/06 23:30:53 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config

[2011/01/06 23:15:34 | 000,011,448 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys

[2011/01/06 23:14:14 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2011/01/06 23:14:14 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2011/01/06 23:14:13 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2011/01/06 23:14:13 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2011/01/06 21:57:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2011/01/06 20:28:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2011/01/06 20:26:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2011/01/06 20:26:06 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2011/01/06 20:26:02 | 000,032,613 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2011/01/06 20:26:02 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2011/01/06 20:07:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/01/06 20:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/01/06 11:56:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/01/06 11:55:23 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/31 10:47:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2012/04/04 17:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask

[2011/02/09 21:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems

[2012/04/06 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge

[2011/12/11 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon

[2011/01/09 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital

[2011/12/20 11:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\PureEdge

[2011/08/20 10:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\SPORE

[2011/01/09 16:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\Western Digital

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: IPSEC.SYS >

[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ERDNT\cache\ipsec.sys

[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys

[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys

[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys

[2004/08/04 02:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >

OTL log:


Hi there

How is your system behaving now?


Sorry, things got very busy here. I'm not sure what happened or what I did...but now the computer won't access the internet. When I try to run the update (it is up to date) on Malwarebytes I get the PROGRAM_ERROR_UPDATING (0,0, Host not found). I'm using my laptop to post this, not sure what to do now on the desktop.


You are in luck that this topic has not been closed.

Please use a USB drive to transfer the tool below to your desktop PC.

Please download Farbar's Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Here's the log:

Farbar Service Scanner Version: 24-04-2012

Ran by (administrator) on 26-04-2012 at 23:04:04

Running from "D:\"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:

The start type of Tcpip service is OK.

The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.

Connection Status:

==============

Localhost is blocked.

There is no connection to network.

Attempt to access Google IP returned error: Other errors

Attempt to access Yahoo IP returned error: Other errors

Windows Firewall:

=============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is OK.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(3) mfetdi2k(9) NetBT(6) pctgntdi(9) PSched(7) Tcpip(4)

0x09000000050000000100000002000000030000000400000009000000080000000600000007000000

Attention! IpSec Tag value should be 5. Attention! IpSec Tag value is missing and it should be 5.

**** End of log ****


Hi there.

Please download Ipsec.reg and transfer it to the desktop of your infected PC.

Double-click on IPSec.reg and allow it to merge into the registry.

Open notepad and copy/paste the text in the Code-box below into it:


FCopy::
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys | C:\WINDOWS\system32\Drivers\ipsec.sys
File::
C:\WINDOWS\System32\dds_trash_log.cmd
Reboot::


  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Let me know if you got your Internet back on the infected one.

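The FSS log above reports ipsec.sys missing and the IpSec service key absent, and the reply restores the driver from ServicePackFiles. As an added example (not part of the thread and not code from FSS, OTL or ComboFix), this Python script pulls the findings out of an FSS log and uses the MD5 lines of the earlier OTL log to list copies whose hash matches what was recorded at the now-missing path. The function names and the sample strings are assumptions constructed from lines in this thread.

```python
import hashlib
import ntpath
import re

# Constructed samples: a few lines in the form of the FSS and OTL logs in this thread.
FSS_SAMPLE = r"""
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
Attention! IpSec Tag value should be 5. Attention! IpSec Tag value is missing and it should be 5.
"""

OTL_SAMPLE = r"""
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ERDNT\cache\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/04 02:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
"""

STOPPED = re.compile(r"^(\S+) Service is not running", re.M)
NO_KEY = re.compile(r"Unable to open (\S+) registry key")
# Require a drive-letter path so the "Tag value is missing" line is not picked up.
MISSING = re.compile(r"Attention! ([A-Za-z]:\\[^\r\n]+?) is missing\.")
MD5_LINE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+)$", re.M)


def _unique(items):
    """Drop duplicates while keeping first-seen order."""
    return list(dict.fromkeys(items))


def parse_fss(text):
    """Return stopped services, absent service keys and missing files from an FSS log."""
    return {
        "stopped_services": _unique(STOPPED.findall(text)),
        "missing_keys": _unique(NO_KEY.findall(text)),
        "missing_files": _unique(MISSING.findall(text)),
    }


def parse_otl_md5(text):
    """Return (path, MD5) pairs from the 'MD5 for:' custom-scan lines of an OTL log."""
    return [(path.strip(), md5.upper()) for md5, path in MD5_LINE.findall(text)]


def restore_candidates(fss_text, otl_text):
    """Map each file FSS reports missing to (reference MD5, matching copies).

    The reference is the hash the earlier OTL log recorded at that same path;
    a copy qualifies only if its recorded hash is identical. Windows paths are
    compared case-insensitively.
    """
    hashes = parse_otl_md5(otl_text)
    result = {}
    for missing in parse_fss(fss_text)["missing_files"]:
        name = ntpath.basename(missing).lower()
        copies = [(p, h) for p, h in hashes if ntpath.basename(p).lower() == name]
        ref = next((h for p, h in copies if p.lower() == missing.lower()), None)
        good = [p for p, h in copies if h == ref and p.lower() != missing.lower()]
        result[missing] = (ref, good)
    return result


def file_md5(path):
    """MD5 of a file on disk, for comparing a copy against the logged value.

    This is a consistency check against the earlier log, not proof of authenticity.
    """
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


if __name__ == "__main__":
    print(parse_fss(FSS_SAMPLE))
    for target, (ref, copies) in restore_candidates(FSS_SAMPLE, OTL_SAMPLE).items():
        print(target, ref, copies)
```

Running `file_md5` on the chosen source before and on the destination after the copy confirms that the restored driver is the same file the earlier scan recorded.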

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
