Teed55 Posted April 7, 2012 ID:540582 Share Posted April 7, 2012 Need help to remove Zeroaccess virus! I’m about to lose my mind & religion over this! We recently moved and just set up the desktop comp that is infected last weekend. Here are the problems:After logging in at desktop, System32 folder will open upGet an installed hardware box (have no idea what this is for…)Internet Explorer will timeout/crash after about 5 minutes or so.Computer is VERY slow.This “rebuilt” computer is running Windows XP, Professional version.We did purchase Malwarebytes back around November when we had another virus on it.We also use PC Tools/Spyware Doctor and McAfee Antivirus Plus.Each will catch the virus and stop it, but it’s still here.I’m not all that tech-savy, but with good instructions I can do what I can to clean up this mess.I’d greatly appreciate the help. Link to post Share on other sites More sharing options...
Larusso Posted April 7, 2012 ID:540591 Share Posted April 7, 2012 Hymy name is Daniel and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Download DDS and save it to your desktop from here or hereDouble click dds to run the tool.When done, DDS will open two (2) logs: DDS.txt Attach.txt[*]Save both reports to your desktop and post them in your next replyPlease read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.Download TDSSKiller.exe and save it to your desktopExecute TDSSKiller.exe by doubleclicking on it.Press Start ScanIf Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txtPlease post the contents of that log in your next reply. Link to post Share on other sites More sharing options...
Teed55 Posted April 7, 2012 Author ID:540601 Share Posted April 7, 2012 Daniel, thank you for your help! I did download the dds to my desktop. And double clicked to run it, but the black text box was only up for a couple of seconds. It never created either log. Do you want me to download the TDS Skiller.exe now? Link to post Share on other sites More sharing options...
Larusso Posted April 7, 2012 ID:540663 Share Posted April 7, 2012 Yes please. Lets see if it will run. Link to post Share on other sites More sharing options...
Teed55 Posted April 8, 2012 Author ID:540863 Share Posted April 8, 2012 Daniel, sorry I was away from home yesterday. Just to let you know we do have three users set up for this computer. Here is the copy of the TDS log:12:27:56.0931 5452 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:0212:27:57.0759 5452 ============================================================12:27:57.0759 5452 Current date / time: 2012/04/08 12:27:57.075912:27:57.0759 5452 SystemInfo:12:27:57.0759 5452 12:27:57.0759 5452 OS Version: 5.1.2600 ServicePack: 3.012:27:57.0759 5452 Product type: Workstation12:27:57.0759 5452 ComputerName: DESKTOP-112:27:57.0759 5452 UserName: John & Wendy12:27:57.0759 5452 Windows directory: C:\WINDOWS12:27:57.0759 5452 System windows directory: C:\WINDOWS12:27:57.0759 5452 Processor architecture: Intel x8612:27:57.0759 5452 Number of processors: 412:27:57.0759 5452 Page size: 0x100012:27:57.0759 5452 Boot type: Normal boot12:27:57.0759 5452 ============================================================12:27:59.0181 5452 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005412:27:59.0212 5452 \Device\Harddisk0\DR0:12:27:59.0212 5452 MBR used12:27:59.0212 5452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D4112:27:59.0259 5452 Initialize success12:27:59.0259 5452 ============================================================12:28:01.0962 6100 ============================================================12:28:01.0962 6100 Scan started12:28:01.0962 6100 Mode: Manual;12:28:01.0962 6100 ============================================================12:28:02.0650 6100 Abiosdsk - ok12:28:02.0665 6100 abp480n5 - ok12:28:02.0728 6100 ac.sharedstore (00659e56339389469473aec41587e706) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe12:28:02.0775 6100 ac.sharedstore - ok12:28:02.0821 6100 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys12:28:02.0821 6100 ACPI - ok12:28:02.0868 6100 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys12:28:02.0868 6100 ACPIEC - ok12:28:02.0884 6100 acrsch2svc - ok12:28:02.0946 6100 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe12:28:02.0993 6100 AdobeFlashPlayerUpdateSvc - ok12:28:02.0993 6100 adpu160m - ok12:28:03.0009 6100 adpu320 - ok12:28:03.0025 6100 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys12:28:03.0040 6100 aec - ok12:28:03.0040 6100 Afc - ok12:28:03.0087 6100 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys12:28:03.0134 6100 AFD - ok12:28:03.0165 6100 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys12:28:03.0212 6100 AFS2K - ok12:28:03.0212 6100 Aha154x - ok12:28:03.0228 6100 aic78u2 - ok12:28:03.0228 6100 aic78xx - ok12:28:03.0275 6100 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll12:28:03.0275 6100 Alerter - ok12:28:03.0290 6100 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe12:28:03.0290 6100 ALG - ok12:28:03.0290 6100 AliIde - ok12:28:03.0306 6100 AlteraByteBlaster - ok12:28:03.0368 6100 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys12:28:03.0431 6100 Ambfilt - ok12:28:03.0431 6100 amsint - ok12:28:03.0446 6100 amusbprt - ok12:28:03.0478 6100 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll12:28:03.0478 6100 AppMgmt - ok12:28:03.0478 6100 AR5416 - ok12:28:03.0493 6100 asc - ok12:28:03.0493 6100 asc3350p - ok12:28:03.0509 6100 asc3550 - ok12:28:03.0540 6100 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys12:28:03.0587 6100 AsIO - ok12:28:03.0634 6100 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe12:28:03.0681 6100 aspnet_state - ok12:28:03.0759 6100 AsSysCtrlService (954ffbff05b0b60eb63b52af561436c4) C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe12:28:03.0806 6100 AsSysCtrlService - ok12:28:03.0806 6100 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys12:28:03.0853 6100 AsUpIO - ok12:28:03.0900 6100 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys12:28:03.0900 6100 AsyncMac - ok12:28:03.0946 6100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys12:28:03.0946 6100 atapi - ok12:28:03.0946 6100 Atdisk - ok12:28:03.0993 6100 Ati HotKey Poller (a2eaeb497ca29ecaeaf0df66ad85c57d) C:\WINDOWS\system32\Ati2evxx.exe12:28:04.0056 6100 Ati HotKey Poller - ok12:28:04.0103 6100 ATI Smart (312a17dff710a0f4e6d4dd1d52ead1a8) C:\WINDOWS\system32\ati2sgag.exe12:28:04.0212 6100 ATI Smart - ok12:28:04.0243 6100 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys12:28:04.0321 6100 ati2mtag - ok12:28:04.0321 6100 atitool - ok12:28:04.0368 6100 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys12:28:04.0368 6100 Atmarpc - ok12:28:04.0415 6100 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll12:28:04.0415 6100 AudioSrv - ok12:28:04.0446 6100 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys12:28:04.0446 6100 audstub - ok12:28:04.0462 6100 autostore - ok12:28:04.0462 6100 AVRec - ok12:28:04.0493 6100 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys12:28:04.0509 6100 Beep - ok12:28:04.0525 6100 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll12:28:04.0525 6100 BITS - ok12:28:04.0540 6100 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll12:28:04.0540 6100 Browser - ok12:28:04.0587 6100 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe12:28:04.0650 6100 Browser Defender Update Service - ok12:28:04.0665 6100 btnetfilter - ok12:28:04.0681 6100 BUFADPT - ok12:28:04.0696 6100 cachemgr - ok12:28:04.0696 6100 Cam5603C - ok12:28:04.0696 6100 Cam5603D - ok12:28:04.0743 6100 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys12:28:04.0743 6100 cbidf2k - ok12:28:04.0759 6100 cd20xrnt - ok12:28:04.0759 6100 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys12:28:04.0759 6100 Cdaudio - ok12:28:04.0806 6100 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys12:28:04.0806 6100 Cdfs - ok12:28:04.0821 6100 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys12:28:04.0821 6100 Cdrom - ok12:28:04.0853 6100 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys12:28:04.0853 6100 cfwids - ok12:28:04.0868 6100 Changer - ok12:28:04.0900 6100 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe12:28:04.0915 6100 CiSvc - ok12:28:04.0946 6100 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe12:28:04.0946 6100 ClipSrv - ok12:28:04.0978 6100 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe12:28:05.0025 6100 clr_optimization_v2.0.50727_32 - ok12:28:05.0025 6100 CmdIde - ok12:28:05.0040 6100 CnxTrUsb - ok12:28:05.0040 6100 comhost - ok12:28:05.0040 6100 COMSysApp - ok12:28:05.0056 6100 Cpqarray - ok12:28:05.0056 6100 cpqdfw - ok12:28:05.0071 6100 cpqdmi - ok12:28:05.0071 6100 cpucoolserver - ok12:28:05.0087 6100 cqmghost - ok12:28:05.0087 6100 crauto - ok12:28:05.0103 6100 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll12:28:05.0103 6100 CryptSvc - ok12:28:05.0103 6100 ctljystk - ok12:28:05.0103 6100 cvslock - ok12:28:05.0150 6100 cxbu0wdm (0284c94fc495d8d08df24c18994c1662) C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys12:28:05.0228 6100 cxbu0wdm - ok12:28:05.0228 6100 dac2w2k - ok12:28:05.0243 6100 dac960nt - ok12:28:05.0243 6100 DCamUSBMke2 - ok12:28:05.0290 6100 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll12:28:05.0290 6100 DcomLaunch - ok12:28:05.0306 6100 dcpflics - ok12:28:05.0306 6100 dcstor32 - ok12:28:05.0306 6100 defwatch - ok12:28:05.0353 6100 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll12:28:05.0353 6100 Dhcp - ok12:28:05.0353 6100 dirms_defragmentation - ok12:28:05.0400 6100 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys12:28:05.0400 6100 Disk - ok12:28:05.0400 6100 diskeeper - ok12:28:05.0415 6100 dlaudfam - ok12:28:05.0415 6100 dmadmin - ok12:28:05.0446 6100 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys12:28:05.0462 6100 dmboot - ok12:28:05.0493 6100 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys12:28:05.0509 6100 dmio - ok12:28:05.0509 6100 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys12:28:05.0509 6100 dmload - ok12:28:05.0571 6100 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll12:28:05.0571 6100 dmserver - ok12:28:05.0587 6100 DMUSBUSBDCam - ok12:28:05.0603 6100 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys12:28:05.0618 6100 DMusic - ok12:28:05.0650 6100 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll12:28:05.0681 6100 Dnscache - ok12:28:05.0696 6100 dnserver32 - ok12:28:05.0759 6100 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll12:28:05.0759 6100 Dot3svc - ok12:28:05.0775 6100 dpti2o - ok12:28:05.0775 6100 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys12:28:05.0775 6100 drmkaud - ok12:28:05.0837 6100 DvmMDES (e5b95c75557120881076c45cd146d72c) C:\ASUS.SYS\config\DVMExportService.exe12:28:05.0837 6100 DvmMDES - ok12:28:05.0884 6100 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll12:28:05.0884 6100 EapHost - ok12:28:05.0884 6100 edspport - ok12:28:05.0900 6100 egathdrv - ok12:28:05.0900 6100 ELmou - ok12:28:05.0900 6100 eloggersvc6 - ok12:28:05.0915 6100 elotouchscreen - ok12:28:05.0931 6100 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll12:28:05.0931 6100 ERSvc - ok12:28:05.0946 6100 ET5Drv - ok12:28:05.0946 6100 EU3_USB - ok12:28:05.0978 6100 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe12:28:05.0993 6100 Eventlog - ok12:28:05.0993 6100 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll12:28:05.0993 6100 EventSystem - ok12:28:06.0009 6100 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys12:28:06.0009 6100 Fastfat - ok12:28:06.0056 6100 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll12:28:06.0087 6100 FastUserSwitchingCompatibility - ok12:28:06.0103 6100 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys12:28:06.0103 6100 Fdc - ok12:28:06.0103 6100 filechecker - ok12:28:06.0118 6100 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys12:28:06.0118 6100 Fips - ok12:28:06.0150 6100 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys12:28:06.0150 6100 Flpydisk - ok12:28:06.0181 6100 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys12:28:06.0181 6100 FltMgr - ok12:28:06.0306 6100 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe12:28:06.0321 6100 FontCache3.0.0.0 - ok12:28:06.0337 6100 Freedom - ok12:28:06.0353 6100 fshttps - ok12:28:06.0353 6100 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys12:28:06.0353 6100 Fs_Rec - ok12:28:06.0368 6100 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys12:28:06.0368 6100 Ftdisk - ok12:28:06.0384 6100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys12:28:06.0384 6100 Gpc - ok12:28:06.0462 6100 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe12:28:06.0509 6100 gupdate - ok12:28:06.0556 6100 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys12:28:06.0634 6100 hamachi - ok12:28:06.0728 6100 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe12:28:06.0728 6100 Hamachi2Svc - ok12:28:06.0775 6100 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys12:28:06.0775 6100 HDAudBus - ok12:28:06.0806 6100 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys12:28:06.0868 6100 HECI - ok12:28:06.0915 6100 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll12:28:06.0915 6100 helpsvc - ok12:28:06.0931 6100 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll12:28:06.0946 6100 HidServ - ok12:28:06.0962 6100 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys12:28:06.0962 6100 hidusb - ok12:28:07.0009 6100 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll12:28:07.0009 6100 hkmsvc - ok12:28:07.0025 6100 HPFECP20 - ok12:28:07.0025 6100 hpn - ok12:28:07.0056 6100 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys12:28:07.0087 6100 HPZid412 - ok12:28:07.0103 6100 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys12:28:07.0134 6100 HPZipr12 - ok12:28:07.0134 6100 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys12:28:07.0165 6100 HPZius12 - ok12:28:07.0212 6100 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys12:28:07.0212 6100 HTTP - ok12:28:07.0275 6100 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll12:28:07.0275 6100 HTTPFilter - ok12:28:07.0275 6100 i2omgmt - ok12:28:07.0290 6100 i2omp - ok12:28:07.0337 6100 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys12:28:07.0337 6100 i8042prt - ok12:28:07.0353 6100 iaantmon - ok12:28:07.0368 6100 iaimfp1 - ok12:28:07.0368 6100 iaimfp2 - ok12:28:07.0431 6100 ialm (bb7a533765e5578d22c388f2ec828ed6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys12:28:07.0493 6100 ialm - ok12:28:07.0493 6100 ibmpmdrv - ok12:28:07.0509 6100 ICM10USB - ok12:28:07.0665 6100 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe12:28:07.0775 6100 IDriverT - ok12:28:08.0118 6100 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe12:28:08.0275 6100 idsvc - ok12:28:08.0275 6100 iftpsvc - ok12:28:08.0290 6100 ikfileflt - ok12:28:08.0290 6100 iksysflt - ok12:28:08.0337 6100 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys12:28:08.0337 6100 Imapi - ok12:28:08.0384 6100 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe12:28:08.0384 6100 ImapiService - ok12:28:08.0400 6100 ini910u - ok12:28:08.0509 6100 IntcAzAudAddService (0c71866e54627717596e58c255815768) C:\WINDOWS\system32\drivers\RtkHDAud.sys12:28:08.0571 6100 IntcAzAudAddService - ok12:28:08.0603 6100 IntcDAud (a58a567b601866bee62d8dda78e6e101) C:\WINDOWS\system32\DRIVERS\IntcDAud.sys12:28:08.0681 6100 IntcDAud - ok12:28:08.0696 6100 IntelIde - ok12:28:08.0728 6100 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys12:28:08.0728 6100 intelppm - ok12:28:08.0743 6100 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys12:28:08.0743 6100 ip6fw - ok12:28:08.0775 6100 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys12:28:08.0775 6100 IpFilterDriver - ok12:28:08.0806 6100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys12:28:08.0821 6100 IpInIp - ok12:28:08.0853 6100 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys12:28:08.0853 6100 IpNat - ok12:28:08.0900 6100 IPSec (90a9305f8727ddb9d5ea8189b520e463) C:\WINDOWS\system32\DRIVERS\ipsec.sys12:28:08.0900 6100 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 90a9305f8727ddb9d5ea8189b520e463, Fake md5: 23c74d75e36e7158768dd63d92789a9112:28:08.0900 6100 IPSec ( Virus.Win32.ZAccess.k ) - infected12:28:08.0900 6100 IPSec - detected Virus.Win32.ZAccess.k (0)12:28:08.0900 6100 IPSECSHM - ok12:28:08.0931 6100 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys12:28:08.0931 6100 IRENUM - ok12:28:08.0946 6100 irmon - ok12:28:08.0978 6100 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys12:28:08.0978 6100 isapnp - ok12:28:08.0978 6100 issuser - ok12:28:09.0071 6100 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe12:28:09.0118 6100 JavaQuickStarterService - ok12:28:09.0118 6100 JGOGO - ok12:28:09.0134 6100 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys12:28:09.0134 6100 Kbdclass - ok12:28:09.0150 6100 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys12:28:09.0150 6100 kmixer - ok12:28:09.0181 6100 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys12:28:09.0181 6100 KSecDD - ok12:28:09.0196 6100 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll12:28:09.0228 6100 lanmanserver - ok12:28:09.0259 6100 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll12:28:09.0259 6100 lanmanworkstation - ok12:28:09.0275 6100 lbrtfdc - ok12:28:09.0275 6100 lhidusb - ok12:28:09.0321 6100 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll12:28:09.0321 6100 LmHosts - ok12:28:09.0337 6100 lmimaint - ok12:28:09.0337 6100 LMouKE - ok12:28:09.0415 6100 LMS (d0e7ff91b52fe9fd2f9522b91f27cb09) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe12:28:09.0415 6100 LMS - ok12:28:09.0446 6100 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys12:28:09.0525 6100 MBAMProtector - ok12:28:09.0603 6100 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe12:28:09.0650 6100 MBAMService - ok12:28:09.0743 6100 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe12:28:09.0806 6100 McMPFSvc - ok12:28:09.0837 6100 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe12:28:09.0837 6100 mcmscsvc - ok12:28:09.0837 6100 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe12:28:09.0837 6100 McNaiAnn - ok12:28:09.0837 6100 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe12:28:09.0837 6100 McNASvc - ok12:28:09.0915 6100 McODS (1d97a89e4c1917d7c7ac3a27a45ef87e) C:\Program Files\McAfee\VirusScan\mcods.exe12:28:09.0962 6100 McODS - ok12:28:09.0962 6100 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe12:28:09.0962 6100 McProxy - ok12:28:10.0025 6100 McShield (16767b4cb7ae8f388e091717db34ff6c) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe12:28:10.0025 6100 McShield - ok12:28:10.0134 6100 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll12:28:10.0134 6100 Messenger - ok12:28:10.0150 6100 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys12:28:10.0196 6100 mfeapfk - ok12:28:10.0228 6100 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys12:28:10.0275 6100 mfeavfk - ok12:28:10.0275 6100 mfeavfk01 - ok12:28:10.0290 6100 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys12:28:10.0321 6100 mfebopk - ok12:28:10.0400 6100 mfefire (3f17534b8867854113df2b45fff3acf5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe12:28:10.0400 6100 mfefire - ok12:28:10.0415 6100 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys12:28:10.0462 6100 mfefirek - ok12:28:10.0525 6100 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys12:28:10.0603 6100 mfehidk - ok12:28:10.0618 6100 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys12:28:10.0665 6100 mfendisk - ok12:28:10.0681 6100 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys12:28:10.0681 6100 mfendiskmp - ok12:28:10.0696 6100 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys12:28:10.0743 6100 mferkdet - ok12:28:10.0775 6100 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys12:28:10.0806 6100 mfetdi2k - ok12:28:10.0853 6100 mfevtp (ad52269897626d614b31e153f5c5d65c) C:\WINDOWS\system32\mfevtps.exe12:28:10.0884 6100 mfevtp - ok12:28:10.0900 6100 mhn - ok12:28:10.0978 6100 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe12:28:11.0025 6100 Microsoft Office Groove Audit Service - ok12:28:11.0056 6100 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys12:28:11.0056 6100 mnmdd - ok12:28:11.0103 6100 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe12:28:11.0103 6100 mnmsrvc - ok12:28:11.0118 6100 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys12:28:11.0118 6100 Modem - ok12:28:11.0165 6100 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys12:28:11.0228 6100 Monfilt - ok12:28:11.0243 6100 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys12:28:11.0259 6100 Mouclass - ok12:28:11.0290 6100 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys12:28:11.0290 6100 mouhid - ok12:28:11.0321 6100 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys12:28:11.0321 6100 MountMgr - ok12:28:11.0321 6100 mraid35x - ok12:28:11.0353 6100 MREMPR5 - ok12:28:11.0368 6100 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys12:28:11.0368 6100 MRxDAV - ok12:28:11.0384 6100 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys12:28:11.0462 6100 MRxSmb - ok12:28:11.0509 6100 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe12:28:11.0509 6100 MSDTC - ok12:28:11.0525 6100 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys12:28:11.0525 6100 Msfs - ok12:28:11.0525 6100 MSIServer - ok12:28:11.0556 6100 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys12:28:11.0556 6100 MSKSSRV - ok12:28:11.0571 6100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys12:28:11.0571 6100 MSPCLOCK - ok12:28:11.0587 6100 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys12:28:11.0587 6100 MSPQM - ok12:28:11.0618 6100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys12:28:11.0618 6100 mssmbios - ok12:28:11.0634 6100 mssql$sony_mediamgr - ok12:28:11.0634 6100 mssqlserver - ok12:28:11.0681 6100 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys12:28:11.0681 6100 MTsensor - ok12:28:11.0696 6100 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys12:28:11.0743 6100 Mup - ok12:28:11.0743 6100 mvwebserver - ok12:28:11.0759 6100 mxserver - ok12:28:11.0790 6100 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll12:28:11.0806 6100 napagent - ok12:28:11.0821 6100 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys12:28:11.0837 6100 NDIS - ok12:28:11.0837 6100 Ndisipo - ok12:28:11.0884 6100 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys12:28:11.0915 6100 NdisTapi - ok12:28:11.0946 6100 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys12:28:11.0946 6100 Ndisuio - ok12:28:11.0946 6100 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys12:28:11.0962 6100 NdisWan - ok12:28:12.0009 6100 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys12:28:12.0040 6100 NDProxy - ok12:28:12.0040 6100 NeroMediaHomeService.4 - ok12:28:12.0056 6100 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys12:28:12.0056 6100 NetBIOS - ok12:28:12.0071 6100 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys12:28:12.0087 6100 NetBT - ok12:28:12.0103 6100 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe12:28:12.0118 6100 NetDDE - ok12:28:12.0118 6100 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe12:28:12.0118 6100 NetDDEdsdm - ok12:28:12.0150 6100 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe12:28:12.0150 6100 Netlogon - ok12:28:12.0165 6100 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll12:28:12.0165 6100 Netman - ok12:28:12.0275 6100 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe12:28:12.0275 6100 NetTcpPortSharing - ok12:28:12.0321 6100 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll12:28:12.0321 6100 Nla - ok12:28:12.0321 6100 NMSAccessU - ok12:28:12.0337 6100 NMSSvc - ok12:28:12.0337 6100 nnsvc - ok12:28:12.0400 6100 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys12:28:12.0400 6100 Npfs - ok12:28:12.0431 6100 NSSvcMgr - ok12:28:12.0462 6100 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys12:28:12.0478 6100 Ntfs - ok12:28:12.0493 6100 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe12:28:12.0493 6100 NtLmSsp - ok12:28:12.0540 6100 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll12:28:12.0540 6100 NtmsSvc - ok12:28:12.0556 6100 NuidFltr - ok12:28:12.0603 6100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys12:28:12.0603 6100 Null - ok12:28:12.0806 6100 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys12:28:13.0087 6100 nv - ok12:28:13.0150 6100 nvata - ok12:28:13.0196 6100 NVHDA (1fda0adfd0dd666ecb1cbf8436f81805) C:\WINDOWS\system32\drivers\nvhda32.sys12:28:13.0243 6100 NVHDA - ok12:28:13.0321 6100 NVR0FLASHDev - ok12:28:13.0665 6100 NVSvc (2e6ed9fe65a9b3ec606603ed0f33dd7d) C:\WINDOWS\system32\nvsvc32.exe12:28:13.0696 6100 NVSvc - ok12:28:13.0837 6100 nvUpdatusService (3c09cc7992a8adecd1fddfd5d8e69bae) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe12:28:13.0900 6100 nvUpdatusService - ok12:28:13.0915 6100 NWHOST - ok12:28:13.0962 6100 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys12:28:13.0962 6100 NwlnkFlt - ok12:28:13.0962 6100 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys12:28:13.0978 6100 NwlnkFwd - ok12:28:14.0071 6100 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE12:28:14.0134 6100 odserv - ok12:28:14.0134 6100 ofcpfwsvc - ok12:28:14.0150 6100 ohci1394 - ok12:28:14.0150 6100 oraclemtsrecoveryservice - ok12:28:14.0150 6100 oracleorahome90agent - ok12:28:14.0165 6100 OracleOraHome92ClientCache - ok12:28:14.0196 6100 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE12:28:14.0243 6100 ose - ok12:28:14.0243 6100 parallel - ok12:28:14.0290 6100 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys12:28:14.0290 6100 Parport - ok12:28:14.0306 6100 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys12:28:14.0306 6100 PartMgr - ok12:28:14.0337 6100 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys12:28:14.0337 6100 ParVdm - ok12:28:14.0353 6100 pcctlcom - ok12:28:14.0368 6100 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys12:28:14.0368 6100 PCI - ok12:28:14.0384 6100 PCIDump - ok12:28:14.0384 6100 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys12:28:14.0384 6100 PCIIde - ok12:28:14.0400 6100 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys12:28:14.0415 6100 Pcmcia - ok12:28:14.0446 6100 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys12:28:14.0446 6100 PCTBD - ok12:28:14.0493 6100 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys12:28:14.0493 6100 PCTCore - ok12:28:14.0525 6100 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\WINDOWS\system32\drivers\pctDS.sys12:28:14.0525 6100 pctDS - ok12:28:14.0571 6100 pctEFA (653d8079cc000ec454789740a07b84a8) C:\WINDOWS\system32\drivers\pctEFA.sys12:28:14.0571 6100 pctEFA - ok12:28:14.0603 6100 pctgntdi (cee55a1df92cb30f87280b6a04aadce8) C:\WINDOWS\system32\drivers\pctgntdi.sys12:28:14.0650 6100 pctgntdi - ok12:28:14.0665 6100 pctplsg (061b86fd64a61ad187efc788d6c408b0) C:\WINDOWS\system32\drivers\pctplsg.sys12:28:14.0665 6100 pctplsg - ok12:28:14.0681 6100 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\WINDOWS\system32\Drivers\PCTSD.sys12:28:14.0681 6100 PCTSD - ok12:28:14.0681 6100 PDCOMP - ok12:28:14.0696 6100 PDFRAME - ok12:28:14.0696 6100 pdlnecfg - ok12:28:14.0712 6100 PDRELI - ok12:28:14.0712 6100 PDRFRAME - ok12:28:14.0712 6100 perc2 - ok12:28:14.0728 6100 perc2hib - ok12:28:14.0759 6100 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe12:28:14.0759 6100 PlugPlay - ok12:28:14.0790 6100 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe12:28:14.0837 6100 Pml Driver HPZ12 - ok12:28:14.0853 6100 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe12:28:14.0853 6100 PolicyAgent - ok12:28:14.0884 6100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys12:28:14.0884 6100 PptpMiniport - ok12:28:14.0900 6100 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys12:28:14.0900 6100 Processor - ok12:28:14.0915 6100 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe12:28:14.0915 6100 ProtectedStorage - ok12:28:14.0915 6100 psasrv - ok12:28:14.0931 6100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys12:28:14.0931 6100 PSched - ok12:28:14.0931 6100 PTDCBus - ok12:28:14.0946 6100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys12:28:14.0946 6100 Ptilink - ok12:28:14.0962 6100 purendis - ok12:28:14.0962 6100 qfcoresvc - ok12:28:14.0978 6100 ql1080 - ok12:28:14.0978 6100 Ql10wnt - ok12:28:14.0993 6100 ql12160 - ok12:28:14.0993 6100 ql1240 - ok12:28:15.0009 6100 ql1280 - ok12:28:15.0009 6100 qserver - ok12:28:15.0009 6100 racsvc - ok12:28:15.0025 6100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys12:28:15.0040 6100 RasAcd - ok12:28:15.0103 6100 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll12:28:15.0103 6100 RasAuto - ok12:28:15.0118 6100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys12:28:15.0118 6100 Rasl2tp - ok12:28:15.0134 6100 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll12:28:15.0134 6100 RasMan - ok12:28:15.0150 6100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys12:28:15.0150 6100 RasPppoe - ok12:28:15.0165 6100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys12:28:15.0165 6100 Raspti - ok12:28:15.0181 6100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys12:28:15.0181 6100 Rdbss - ok12:28:15.0196 6100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys12:28:15.0196 6100 RDPCDD - ok12:28:15.0212 6100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys12:28:15.0212 6100 rdpdr - ok12:28:15.0259 6100 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys12:28:15.0337 6100 RDPWD - ok12:28:15.0353 6100 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe12:28:15.0368 6100 RDSessMgr - ok12:28:15.0384 6100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys12:28:15.0400 6100 redbook - ok12:28:15.0431 6100 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll12:28:15.0431 6100 RemoteAccess - ok12:28:15.0478 6100 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll12:28:15.0478 6100 RemoteRegistry - ok12:28:15.0478 6100 roxliveshare9 - ok12:28:15.0509 6100 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe12:28:15.0509 6100 RpcLocator - ok12:28:15.0540 6100 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll12:28:15.0556 6100 RpcSs - ok12:28:15.0556 6100 RSAFAL - ok12:28:15.0587 6100 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe12:28:15.0603 6100 RSVP - ok12:28:15.0603 6100 rt73 - ok12:28:15.0603 6100 RTL8169 - ok12:28:15.0634 6100 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys12:28:15.0681 6100 RTLE8023xp - ok12:28:15.0696 6100 rxmssync - ok12:28:15.0696 6100 s116bus - ok12:28:15.0696 6100 s116obex - ok12:28:15.0712 6100 s116unic - ok12:28:15.0712 6100 S3GIGP - ok12:28:15.0728 6100 s616obex - ok12:28:15.0759 6100 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe12:28:15.0759 6100 SamSs - ok12:28:15.0775 6100 sansaservice - ok12:28:15.0790 6100 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe12:28:15.0790 6100 SCardSvr - ok12:28:15.0806 6100 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll12:28:15.0806 6100 Schedule - ok12:28:15.0837 6100 SCR3XX2K (b590c6b740a85130e88d35d007691eb4) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys12:28:15.0915 6100 SCR3XX2K - ok12:28:15.0978 6100 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools Security\pctsAuxs.exe12:28:16.0056 6100 sdAuxService - ok12:28:16.0071 6100 sdbus - ok12:28:16.0103 6100 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools Security\pctsSvc.exe12:28:16.0103 6100 sdCoreService - ok12:28:16.0103 6100 SE27bus - ok12:28:16.0118 6100 se58mdm - ok12:28:16.0134 6100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys12:28:16.0134 6100 Secdrv - ok12:28:16.0165 6100 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll12:28:16.0165 6100 seclogon - ok12:28:16.0181 6100 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll12:28:16.0181 6100 SENS - ok12:28:16.0196 6100 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys12:28:16.0196 6100 serenum - ok12:28:16.0196 6100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys12:28:16.0212 6100 Serial - ok12:28:16.0212 6100 SetupNT - ok12:28:16.0228 6100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys12:28:16.0228 6100 Sfloppy - ok12:28:16.0275 6100 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll12:28:16.0290 6100 SharedAccess - ok12:28:16.0290 6100 shdserv - ok12:28:16.0337 6100 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll12:28:16.0337 6100 ShellHWDetection - ok12:28:16.0353 6100 Simbad - ok12:28:16.0353 6100 siside - ok12:28:16.0368 6100 smrt - ok12:28:16.0368 6100 softfax - ok12:28:16.0384 6100 Sparrow - ok12:28:16.0384 6100 spbbcsvc - ok12:28:16.0400 6100 speedfan - ok12:28:16.0431 6100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys12:28:16.0446 6100 splitter - ok12:28:16.0478 6100 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe12:28:16.0525 6100 Spooler - ok12:28:16.0525 6100 SprintRcAppSvc - ok12:28:16.0556 6100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys12:28:16.0556 6100 sr - ok12:28:16.0603 6100 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll12:28:16.0618 6100 srservice - ok12:28:16.0665 6100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys12:28:16.0712 6100 Srv - ok12:28:16.0759 6100 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll12:28:16.0759 6100 SSDPSRV - ok12:28:16.0759 6100 ssoftservice - ok12:28:16.0775 6100 sstpsvc - ok12:28:16.0821 6100 Steam Client Service - ok12:28:16.0837 6100 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll12:28:16.0837 6100 stisvc - ok12:28:16.0868 6100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys12:28:16.0868 6100 swenum - ok12:28:16.0915 6100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys12:28:16.0931 6100 swmidi - ok12:28:16.0931 6100 SwPrv - ok12:28:16.0931 6100 SWUMX20 - ok12:28:16.0946 6100 symc810 - ok12:28:16.0962 6100 symc8xx - ok12:28:16.0962 6100 symsecureport - ok12:28:16.0962 6100 sym_hi - ok12:28:16.0978 6100 sym_u3 - ok12:28:16.0993 6100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys12:28:16.0993 6100 sysaudio - ok12:28:17.0025 6100 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe12:28:17.0025 6100 SysmonLog - ok12:28:17.0056 6100 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll12:28:17.0056 6100 TapiSrv - ok12:28:17.0103 6100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys12:28:17.0103 6100 Tcpip - ok12:28:17.0118 6100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys12:28:17.0134 6100 TDPIPE - ok12:28:17.0150 6100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys12:28:17.0150 6100 TDTCP - ok12:28:17.0181 6100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys12:28:17.0181 6100 TermDD - ok12:28:17.0196 6100 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll12:28:17.0212 6100 TermService - ok12:28:17.0212 6100 TestHandler - ok12:28:17.0259 6100 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\WINDOWS\system32\drivers\TfFsMon.sys12:28:17.0306 6100 TfFsMon - ok12:28:17.0306 6100 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\WINDOWS\system32\drivers\TfNetMon.sys12:28:17.0384 6100 TfNetMon - ok12:28:17.0415 6100 tfsndrct - ok12:28:17.0431 6100 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\WINDOWS\system32\drivers\TfSysMon.sys12:28:17.0431 6100 TFSysMon - ok12:28:17.0478 6100 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll12:28:17.0478 6100 Themes - ok12:28:17.0556 6100 ThreatFire - ok12:28:17.0587 6100 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe12:28:17.0603 6100 TlntSvr - ok12:28:17.0603 6100 tnidriver - ok12:28:17.0618 6100 TosIde - ok12:28:17.0618 6100 tosrfec - ok12:28:17.0665 6100 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll12:28:17.0665 6100 TrkWks - ok12:28:17.0681 6100 tvichw32 - ok12:28:17.0681 6100 U2SP - ok12:28:17.0728 6100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys12:28:17.0728 6100 Udfs - ok12:28:17.0759 6100 ultra - ok12:28:17.0775 6100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys12:28:17.0790 6100 Update - ok12:28:17.0806 6100 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll12:28:17.0821 6100 upnphost - ok12:28:17.0821 6100 upperdev - ok12:28:17.0853 6100 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe12:28:17.0853 6100 UPS - ok12:28:17.0884 6100 us30service - ok12:28:17.0915 6100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys12:28:17.0931 6100 usbccgp - ok12:28:17.0962 6100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys12:28:17.0962 6100 usbehci - ok12:28:17.0993 6100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys12:28:18.0009 6100 usbhub - ok12:28:18.0056 6100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys12:28:18.0056 6100 usbprint - ok12:28:18.0103 6100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys12:28:18.0103 6100 usbscan - ok12:28:18.0134 6100 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS12:28:18.0134 6100 usbstor - ok12:28:18.0150 6100 usnsvc - ok12:28:18.0150 6100 v2imount - ok12:28:18.0165 6100 VAIOMediaPlatform-PhotoServer-HTTP - ok12:28:18.0165 6100 vetfddnt - ok12:28:18.0196 6100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys12:28:18.0196 6100 VgaSave - ok12:28:18.0212 6100 ViaIde - ok12:28:18.0212 6100 viaudio - ok12:28:18.0228 6100 VirtualFD - ok12:28:18.0228 6100 vmnetdhcp - ok12:28:18.0228 6100 vncmirror - ok12:28:18.0259 6100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys12:28:18.0259 6100 VolSnap - ok12:28:18.0259 6100 vpcbus - ok12:28:18.0306 6100 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe12:28:18.0306 6100 VSS - ok12:28:18.0337 6100 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll12:28:18.0353 6100 W32Time - ok12:28:18.0353 6100 w39n51 - ok12:28:18.0353 6100 W700mdfl - ok12:28:18.0368 6100 w800bus - ok12:28:18.0384 6100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys12:28:18.0400 6100 Wanarp - ok12:28:18.0431 6100 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys12:28:18.0493 6100 WDC_SAM - ok12:28:18.0587 6100 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe12:28:18.0681 6100 WDDMService - ok12:28:18.0759 6100 WDICA - ok12:28:18.0775 6100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys12:28:18.0775 6100 wdmaud - ok12:28:18.0790 6100 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe12:28:18.0837 6100 WDSmartWareBackgroundService - ok12:28:18.0868 6100 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll12:28:18.0868 6100 WebClient - ok12:28:18.0868 6100 websensepolicyserver - ok12:28:18.0884 6100 websenseuserservice - ok12:28:18.0884 6100 WIBUKEY - ok12:28:18.0900 6100 win32sl - ok12:28:18.0900 6100 windrvNT - ok12:28:18.0915 6100 WINIO - ok12:28:18.0946 6100 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll12:28:18.0962 6100 winmgmt - ok12:28:18.0993 6100 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll12:28:18.0993 6100 WmdmPmSN - ok12:28:19.0040 6100 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll12:28:19.0040 6100 Wmi - ok12:28:19.0056 6100 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe12:28:19.0071 6100 WmiApSrv - ok12:28:19.0150 6100 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe12:28:19.0165 6100 WMPNetworkSvc - ok12:28:19.0181 6100 wpsdrvnt - ok12:28:19.0212 6100 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys12:28:19.0212 6100 WS2IFSL - ok12:28:19.0259 6100 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll12:28:19.0259 6100 wscsvc - ok12:28:19.0275 6100 Wtcls2k - ok12:28:19.0275 6100 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll12:28:19.0290 6100 wuauserv - ok12:28:19.0321 6100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys12:28:19.0321 6100 WudfPf - ok12:28:19.0384 6100 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys12:28:19.0400 6100 WudfRd - ok12:28:19.0446 6100 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll12:28:19.0446 6100 WudfSvc - ok12:28:19.0493 6100 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll12:28:19.0493 6100 WZCSVC - ok12:28:19.0540 6100 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll12:28:19.0540 6100 xmlprov - ok12:28:19.0540 6100 z525obex - ok12:28:19.0556 6100 zebrceb - ok12:28:19.0556 6100 ziptoa - ok12:28:19.0571 6100 {6080a529-897e-4629-a488-aba0c29b635e} - ok12:28:19.0587 6100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR012:28:19.0759 6100 \Device\Harddisk0\DR0 - ok12:28:19.0759 6100 Boot (0x1200) (29308bf9cd62c6b903bf327837d16705) \Device\Harddisk0\DR0\Partition012:28:19.0759 6100 \Device\Harddisk0\DR0\Partition0 - ok12:28:19.0759 6100 ============================================================12:28:19.0759 6100 Scan finished12:28:19.0759 6100 ============================================================12:28:19.0759 5220 Detected object count: 112:28:19.0759 5220 Actual detected object count: 112:29:03.0478 5220 IPSec ( Virus.Win32.ZAccess.k ) - skipped by user12:29:03.0478 5220 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Skip Link to post Share on other sites More sharing options...
Larusso Posted April 8, 2012 ID:540897 Share Posted April 8, 2012 Here it is Execute TDSSKiller.exe and press Start Scan. Ensure Cure is selected ( it should be by default )Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed Click Continue then click Reboot now.Once complete, a log will be produced at the root drive which is typically C:\For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.Please post the contents of that log in your next reply.Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT- Save ComboFix.exe to your Desktop====================================================Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications====================================================Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review. Link to post Share on other sites More sharing options...
Teed55 Posted April 9, 2012 Author ID:541069 Share Posted April 9, 2012 Daniel, I hope I did this process correctly... It was taking forever to load up Internet Explorer. Here is the log from TDS:11:22:57.0046 0844 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:0211:22:59.0046 0844 ============================================================11:22:59.0046 0844 Current date / time: 2012/04/09 11:22:59.004611:22:59.0046 0844 SystemInfo:11:22:59.0046 0844 11:22:59.0046 0844 OS Version: 5.1.2600 ServicePack: 3.011:22:59.0046 0844 Product type: Workstation11:22:59.0046 0844 ComputerName: DESKTOP-111:22:59.0046 0844 UserName: John & Wendy11:22:59.0046 0844 Windows directory: C:\WINDOWS11:22:59.0046 0844 System windows directory: C:\WINDOWS11:22:59.0046 0844 Processor architecture: Intel x8611:22:59.0046 0844 Number of processors: 411:22:59.0046 0844 Page size: 0x100011:22:59.0046 0844 Boot type: Normal boot11:22:59.0046 0844 ============================================================11:23:00.0546 0844 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005411:23:00.0578 0844 \Device\Harddisk0\DR0:11:23:00.0578 0844 MBR used11:23:00.0578 0844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D4111:23:00.0593 0844 Initialize success11:23:00.0593 0844 ============================================================11:24:52.0171 3592 ============================================================11:24:52.0171 3592 Scan started11:24:52.0171 3592 Mode: Manual;11:24:52.0171 3592 ============================================================11:24:52.0562 3592 Abiosdsk - ok11:24:52.0593 3592 abp480n5 - ok11:24:52.0656 3592 ac.sharedstore (00659e56339389469473aec41587e706) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe11:24:52.0656 3592 ac.sharedstore - ok11:24:52.0703 3592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys11:24:52.0703 3592 ACPI - ok11:24:52.0750 3592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys11:24:52.0750 3592 ACPIEC - ok11:24:52.0765 3592 acrsch2svc - ok11:24:52.0843 3592 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe11:24:52.0906 3592 AdobeFlashPlayerUpdateSvc - ok11:24:52.0906 3592 adpu160m - ok11:24:52.0906 3592 adpu320 - ok11:24:52.0937 3592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys11:24:52.0937 3592 aec - ok11:24:52.0953 3592 Afc - ok11:24:53.0000 3592 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys11:24:53.0031 3592 AFD - ok11:24:53.0078 3592 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys11:24:53.0109 3592 AFS2K - ok11:24:53.0125 3592 Aha154x - ok11:24:53.0125 3592 aic78u2 - ok11:24:53.0140 3592 aic78xx - ok11:24:53.0140 3592 aksusb - ok11:24:53.0140 3592 ALABULK - ok11:24:53.0187 3592 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll11:24:53.0187 3592 Alerter - ok11:24:53.0203 3592 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe11:24:53.0203 3592 ALG - ok11:24:53.0218 3592 AliIde - ok11:24:53.0218 3592 AlteraByteBlaster - ok11:24:53.0281 3592 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys11:24:53.0343 3592 Ambfilt - ok11:24:53.0359 3592 amsint - ok11:24:53.0359 3592 amusbprt - ok11:24:53.0359 3592 Angel2 - ok11:24:53.0406 3592 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll11:24:53.0406 3592 AppMgmt - ok11:24:53.0421 3592 AR5416 - ok11:24:53.0421 3592 asc - ok11:24:53.0437 3592 asc3350p - ok11:24:53.0437 3592 asc3550 - ok11:24:53.0453 3592 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys11:24:53.0500 3592 AsIO - ok11:24:53.0546 3592 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe11:24:53.0593 3592 aspnet_state - ok11:24:53.0703 3592 AsSysCtrlService (954ffbff05b0b60eb63b52af561436c4) C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe11:24:53.0703 3592 AsSysCtrlService - ok11:24:53.0703 3592 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys11:24:53.0750 3592 AsUpIO - ok11:24:53.0796 3592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys11:24:53.0812 3592 AsyncMac - ok11:24:53.0859 3592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys11:24:53.0859 3592 atapi - ok11:24:53.0859 3592 Atdisk - ok11:24:53.0875 3592 ati - ok11:24:53.0906 3592 Ati HotKey Poller (a2eaeb497ca29ecaeaf0df66ad85c57d) C:\WINDOWS\system32\Ati2evxx.exe11:24:53.0953 3592 Ati HotKey Poller - ok11:24:53.0984 3592 ATI Smart (312a17dff710a0f4e6d4dd1d52ead1a8) C:\WINDOWS\system32\ati2sgag.exe11:24:54.0093 3592 ATI Smart - ok11:24:54.0171 3592 ati2mtag (492bd2a5f65f218d4ede5764a3bb67e9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys11:24:54.0234 3592 ati2mtag - ok11:24:54.0250 3592 atitool - ok11:24:54.0250 3592 ATKFUSService - ok11:24:54.0296 3592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys11:24:54.0296 3592 Atmarpc - ok11:24:54.0343 3592 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll11:24:54.0343 3592 AudioSrv - ok11:24:54.0390 3592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys11:24:54.0390 3592 audstub - ok11:24:54.0390 3592 autostore - ok11:24:54.0406 3592 AVRec - ok11:24:54.0406 3592 awecho - ok11:24:54.0421 3592 bdfdll - ok11:24:54.0453 3592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys11:24:54.0453 3592 Beep - ok11:24:54.0453 3592 besclient - ok11:24:54.0515 3592 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll11:24:54.0515 3592 BITS - ok11:24:54.0531 3592 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll11:24:54.0531 3592 Browser - ok11:24:54.0593 3592 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe11:24:54.0593 3592 Browser Defender Update Service - ok11:24:54.0609 3592 btnetfilter - ok11:24:54.0609 3592 BUFADPT - ok11:24:54.0609 3592 cachemgr - ok11:24:54.0625 3592 Cam5603C - ok11:24:54.0625 3592 Cam5603D - ok11:24:54.0656 3592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys11:24:54.0671 3592 cbidf2k - ok11:24:54.0671 3592 ccflic0 - ok11:24:54.0671 3592 cd20xrnt - ok11:24:54.0687 3592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys11:24:54.0687 3592 Cdaudio - ok11:24:54.0718 3592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys11:24:54.0718 3592 Cdfs - ok11:24:54.0750 3592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys11:24:54.0765 3592 Cdrom - ok11:24:54.0796 3592 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys11:24:54.0843 3592 cfwids - ok11:24:54.0843 3592 Changer - ok11:24:54.0859 3592 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe11:24:54.0859 3592 CiSvc - ok11:24:54.0875 3592 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe11:24:54.0875 3592 ClipSrv - ok11:24:54.0921 3592 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe11:24:54.0953 3592 clr_optimization_v2.0.50727_32 - ok11:24:54.0968 3592 CmdIde - ok11:24:54.0968 3592 CnxTrUsb - ok11:24:54.0968 3592 comhost - ok11:24:54.0984 3592 COMSysApp - ok11:24:54.0984 3592 Cpqarray - ok11:24:55.0000 3592 cpqarry2 - ok11:24:55.0000 3592 cpqdfw - ok11:24:55.0000 3592 cpqdmi - ok11:24:55.0015 3592 cpucoolserver - ok11:24:55.0015 3592 cqmghost - ok11:24:55.0015 3592 crauto - ok11:24:55.0046 3592 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll11:24:55.0046 3592 CryptSvc - ok11:24:55.0046 3592 ctljystk - ok11:24:55.0062 3592 CTSBLFX.DLL - ok11:24:55.0062 3592 cvslock - ok11:24:55.0062 3592 cwafadmincontroller - ok11:24:55.0109 3592 cxbu0wdm (0284c94fc495d8d08df24c18994c1662) C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys11:24:55.0187 3592 cxbu0wdm - ok11:24:55.0187 3592 dac2w2k - ok11:24:55.0203 3592 dac960nt - ok11:24:55.0203 3592 DCamUSBGrandTek - ok11:24:55.0218 3592 DCamUSBMke2 - ok11:24:55.0218 3592 DCamUSBSQTECH - ok11:24:55.0265 3592 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll11:24:55.0281 3592 DcomLaunch - ok11:24:55.0281 3592 dcpflics - ok11:24:55.0281 3592 dcstor32 - ok11:24:55.0296 3592 defwatch - ok11:24:55.0343 3592 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll11:24:55.0343 3592 Dhcp - ok11:24:55.0343 3592 dirms_defragmentation - ok11:24:55.0390 3592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys11:24:55.0390 3592 Disk - ok11:24:55.0390 3592 diskeeper - ok11:24:55.0406 3592 dlaudfam - ok11:24:55.0406 3592 dmadmin - ok11:24:55.0437 3592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys11:24:55.0453 3592 dmboot - ok11:24:55.0468 3592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys11:24:55.0468 3592 dmio - ok11:24:55.0484 3592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys11:24:55.0484 3592 dmload - ok11:24:55.0531 3592 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll11:24:55.0531 3592 dmserver - ok11:24:55.0531 3592 DMUSBUSBDCam - ok11:24:55.0562 3592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys11:24:55.0578 3592 DMusic - ok11:24:55.0640 3592 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll11:24:55.0671 3592 Dnscache - ok11:24:55.0687 3592 dnserver32 - ok11:24:55.0750 3592 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll11:24:55.0750 3592 Dot3svc - ok11:24:55.0781 3592 dpti2o - ok11:24:55.0796 3592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys11:24:55.0796 3592 drmkaud - ok11:24:55.0859 3592 DvmMDES (e5b95c75557120881076c45cd146d72c) C:\ASUS.SYS\config\DVMExportService.exe11:24:55.0859 3592 DvmMDES - ok11:24:55.0859 3592 dwmrcs - ok11:24:55.0890 3592 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll11:24:55.0890 3592 EapHost - ok11:24:55.0890 3592 edspport - ok11:24:55.0906 3592 egathdrv - ok11:24:55.0906 3592 ELmou - ok11:24:55.0921 3592 eloggersvc6 - ok11:24:55.0921 3592 elotouchscreen - ok11:24:55.0937 3592 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll11:24:55.0937 3592 ERSvc - ok11:24:55.0953 3592 ET5Drv - ok11:24:55.0953 3592 EU3_USB - ok11:24:55.0984 3592 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe11:24:56.0000 3592 Eventlog - ok11:24:56.0000 3592 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll11:24:56.0000 3592 EventSystem - ok11:24:56.0015 3592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys11:24:56.0031 3592 Fastfat - ok11:24:56.0031 3592 fasttrackinstallerservice - ok11:24:56.0078 3592 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll11:24:56.0109 3592 FastUserSwitchingCompatibility - ok11:24:56.0125 3592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys11:24:56.0140 3592 Fdc - ok11:24:56.0140 3592 fgdxbus - ok11:24:56.0140 3592 filechecker - ok11:24:56.0156 3592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys11:24:56.0171 3592 Fips - ok11:24:56.0171 3592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys11:24:56.0171 3592 Flpydisk - ok11:24:56.0218 3592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys11:24:56.0234 3592 FltMgr - ok11:24:56.0328 3592 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe11:24:56.0343 3592 FontCache3.0.0.0 - ok11:24:56.0343 3592 Freedom - ok11:24:56.0359 3592 fshttps - ok11:24:56.0359 3592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys11:24:56.0359 3592 Fs_Rec - ok11:24:56.0375 3592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys11:24:56.0375 3592 Ftdisk - ok11:24:56.0390 3592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys11:24:56.0390 3592 Gpc - ok11:24:56.0500 3592 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe11:24:56.0500 3592 gupdate - ok11:24:56.0546 3592 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys11:24:56.0625 3592 hamachi - ok11:24:56.0703 3592 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe11:24:56.0703 3592 Hamachi2Svc - ok11:24:56.0765 3592 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys11:24:56.0781 3592 HDAudBus - ok11:24:56.0796 3592 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys11:24:56.0875 3592 HECI - ok11:24:56.0906 3592 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll11:24:56.0906 3592 helpsvc - ok11:24:56.0921 3592 HFACSVC - ok11:24:56.0937 3592 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll11:24:56.0937 3592 HidServ - ok11:24:56.0968 3592 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys11:24:56.0968 3592 hidusb - ok11:24:57.0000 3592 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll11:24:57.0015 3592 hkmsvc - ok11:24:57.0015 3592 hpdskflt - ok11:24:57.0031 3592 HPFECP20 - ok11:24:57.0031 3592 hpn - ok11:24:57.0062 3592 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys11:24:57.0093 3592 HPZid412 - ok11:24:57.0109 3592 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys11:24:57.0140 3592 HPZipr12 - ok11:24:57.0203 3592 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys11:24:57.0234 3592 HPZius12 - ok11:24:57.0281 3592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys11:24:57.0281 3592 HTTP - ok11:24:57.0296 3592 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll11:24:57.0296 3592 HTTPFilter - ok11:24:57.0296 3592 i2omgmt - ok11:24:57.0312 3592 i2omp - ok11:24:57.0343 3592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys11:24:57.0359 3592 i8042prt - ok11:24:57.0359 3592 iaantmon - ok11:24:57.0359 3592 iaimfp1 - ok11:24:57.0375 3592 iaimfp2 - ok11:24:57.0437 3592 ialm (bb7a533765e5578d22c388f2ec828ed6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys11:24:57.0484 3592 ialm - ok11:24:57.0500 3592 ibmpmdrv - ok11:24:57.0500 3592 icm10blk - ok11:24:57.0531 3592 ICM10USB - ok11:24:57.0546 3592 idechndr - ok11:24:57.0671 3592 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe11:24:57.0718 3592 IDriverT - ok11:24:57.0859 3592 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe11:24:57.0921 3592 idsvc - ok11:24:57.0937 3592 iftpsvc - ok11:24:57.0953 3592 ikfileflt - ok11:24:57.0953 3592 iksysflt - ok11:24:58.0000 3592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys11:24:58.0000 3592 Imapi - ok11:24:58.0046 3592 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe11:24:58.0046 3592 ImapiService - ok11:24:58.0062 3592 ini910u - ok11:24:58.0171 3592 IntcAzAudAddService (0c71866e54627717596e58c255815768) C:\WINDOWS\system32\drivers\RtkHDAud.sys11:24:58.0218 3592 IntcAzAudAddService - ok11:24:58.0265 3592 IntcDAud (a58a567b601866bee62d8dda78e6e101) C:\WINDOWS\system32\DRIVERS\IntcDAud.sys11:24:58.0343 3592 IntcDAud - ok11:24:58.0359 3592 IntelIde - ok11:24:58.0375 3592 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys11:24:58.0375 3592 intelppm - ok11:24:58.0390 3592 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys11:24:58.0406 3592 ip6fw - ok11:24:58.0421 3592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys11:24:58.0437 3592 IpFilterDriver - ok11:24:58.0468 3592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys11:24:58.0468 3592 IpInIp - ok11:24:58.0484 3592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys11:24:58.0500 3592 IpNat - ok11:24:58.0515 3592 IPSec (90a9305f8727ddb9d5ea8189b520e463) C:\WINDOWS\system32\DRIVERS\ipsec.sys11:24:58.0515 3592 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 90a9305f8727ddb9d5ea8189b520e463, Fake md5: 23c74d75e36e7158768dd63d92789a9111:24:58.0515 3592 IPSec ( Virus.Win32.ZAccess.k ) - infected11:24:58.0515 3592 IPSec - detected Virus.Win32.ZAccess.k (0)11:24:58.0515 3592 IPSECSHM - ok11:24:58.0562 3592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys11:24:58.0562 3592 IRENUM - ok11:24:58.0562 3592 irmon - ok11:24:58.0609 3592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys11:24:58.0656 3592 isapnp - ok11:24:58.0750 3592 issuser - ok11:24:58.0921 3592 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe11:24:58.0921 3592 JavaQuickStarterService - ok11:24:58.0968 3592 JGOGO - ok11:24:59.0000 3592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys11:24:59.0000 3592 Kbdclass - ok11:24:59.0015 3592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys11:24:59.0015 3592 kmixer - ok11:24:59.0046 3592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys11:24:59.0046 3592 KSecDD - ok11:24:59.0062 3592 l8042pr2 - ok11:24:59.0093 3592 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll11:24:59.0125 3592 lanmanserver - ok11:24:59.0156 3592 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll11:24:59.0156 3592 lanmanworkstation - ok11:24:59.0171 3592 lbrtfdc - ok11:24:59.0171 3592 lhidusb - ok11:24:59.0187 3592 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll11:24:59.0187 3592 LmHosts - ok11:24:59.0203 3592 lmimaint - ok11:24:59.0203 3592 LMouKE - ok11:24:59.0265 3592 LMS (d0e7ff91b52fe9fd2f9522b91f27cb09) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe11:24:59.0265 3592 LMS - ok11:24:59.0281 3592 lockmgr - ok11:24:59.0281 3592 ltck000c - ok11:24:59.0296 3592 lvselsus - ok11:24:59.0296 3592 lwwlicenseservice - ok11:24:59.0328 3592 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys11:24:59.0406 3592 MBAMProtector - ok11:24:59.0453 3592 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe11:24:59.0453 3592 MBAMService - ok11:24:59.0515 3592 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe11:24:59.0515 3592 McMPFSvc - ok11:24:59.0531 3592 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe11:24:59.0531 3592 mcmscsvc - ok11:24:59.0531 3592 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe11:24:59.0531 3592 McNaiAnn - ok11:24:59.0546 3592 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe11:24:59.0546 3592 McNASvc - ok11:24:59.0578 3592 McODS (1d97a89e4c1917d7c7ac3a27a45ef87e) C:\Program Files\McAfee\VirusScan\mcods.exe11:24:59.0625 3592 McODS - ok11:24:59.0640 3592 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe11:24:59.0640 3592 McProxy - ok11:24:59.0671 3592 McShield (16767b4cb7ae8f388e091717db34ff6c) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe11:24:59.0671 3592 McShield - ok11:24:59.0765 3592 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll11:24:59.0765 3592 Messenger - ok11:24:59.0781 3592 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys11:24:59.0828 3592 mfeapfk - ok11:24:59.0890 3592 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys11:24:59.0921 3592 mfeavfk - ok11:24:59.0937 3592 mfeavfk01 - ok11:24:59.0968 3592 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys11:25:00.0000 3592 mfebopk - ok11:25:00.0046 3592 mfefire (3f17534b8867854113df2b45fff3acf5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe11:25:00.0046 3592 mfefire - ok11:25:00.0078 3592 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys11:25:00.0125 3592 mfefirek - ok11:25:00.0140 3592 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys11:25:00.0234 3592 mfehidk - ok11:25:00.0250 3592 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys11:25:00.0296 3592 mfendisk - ok11:25:00.0296 3592 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys11:25:00.0296 3592 mfendiskmp - ok11:25:00.0328 3592 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys11:25:00.0359 3592 mferkdet - ok11:25:00.0390 3592 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys11:25:00.0437 3592 mfetdi2k - ok11:25:00.0484 3592 mfevtp (ad52269897626d614b31e153f5c5d65c) C:\WINDOWS\system32\mfevtps.exe11:25:00.0484 3592 mfevtp - ok11:25:00.0484 3592 mhn - ok11:25:00.0593 3592 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe11:25:00.0640 3592 Microsoft Office Groove Audit Service - ok11:25:00.0671 3592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys11:25:00.0671 3592 mnmdd - ok11:25:00.0703 3592 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe11:25:00.0703 3592 mnmsrvc - ok11:25:00.0718 3592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys11:25:00.0734 3592 Modem - ok11:25:00.0765 3592 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys11:25:00.0828 3592 Monfilt - ok11:25:00.0843 3592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys11:25:00.0859 3592 Mouclass - ok11:25:00.0890 3592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys11:25:00.0906 3592 mouhid - ok11:25:00.0921 3592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys11:25:00.0921 3592 MountMgr - ok11:25:00.0921 3592 mraid35x - ok11:25:00.0953 3592 MREMPR5 - ok11:25:00.0968 3592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys11:25:00.0968 3592 MRxDAV - ok11:25:01.0000 3592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys11:25:01.0078 3592 MRxSmb - ok11:25:01.0078 3592 mscsptisrv - ok11:25:01.0125 3592 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe11:25:01.0125 3592 MSDTC - ok11:25:01.0140 3592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys11:25:01.0140 3592 Msfs - ok11:25:01.0140 3592 MSIServer - ok11:25:01.0171 3592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys11:25:01.0171 3592 MSKSSRV - ok11:25:01.0187 3592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys11:25:01.0187 3592 MSPCLOCK - ok11:25:01.0203 3592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys11:25:01.0203 3592 MSPQM - ok11:25:01.0234 3592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys11:25:01.0234 3592 mssmbios - ok11:25:01.0250 3592 mssql$sony_mediamgr - ok11:25:01.0250 3592 mssqlserver - ok11:25:01.0281 3592 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys11:25:01.0296 3592 MTsensor - ok11:25:01.0312 3592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys11:25:01.0343 3592 Mup - ok11:25:01.0359 3592 mvwebserver - ok11:25:01.0359 3592 mxserver - ok11:25:01.0390 3592 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll11:25:01.0406 3592 napagent - ok11:25:01.0437 3592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys11:25:01.0437 3592 NDIS - ok11:25:01.0453 3592 Ndisipo - ok11:25:01.0468 3592 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys11:25:01.0515 3592 NdisTapi - ok11:25:01.0531 3592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys11:25:01.0546 3592 Ndisuio - ok11:25:01.0546 3592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys11:25:01.0562 3592 NdisWan - ok11:25:01.0609 3592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys11:25:01.0640 3592 NDProxy - ok11:25:01.0656 3592 NeroMediaHomeService.4 - ok11:25:01.0656 3592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys11:25:01.0671 3592 NetBIOS - ok11:25:01.0687 3592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys11:25:01.0703 3592 NetBT - ok11:25:01.0734 3592 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe11:25:01.0734 3592 NetDDE - ok11:25:01.0734 3592 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe11:25:01.0734 3592 NetDDEdsdm - ok11:25:01.0765 3592 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe11:25:01.0765 3592 Netlogon - ok11:25:01.0781 3592 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll11:25:01.0796 3592 Netman - ok11:25:01.0921 3592 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe11:25:01.0921 3592 NetTcpPortSharing - ok11:25:01.0984 3592 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll11:25:01.0984 3592 Nla - ok11:25:02.0000 3592 NMSAccessU - ok11:25:02.0000 3592 NMSSvc - ok11:25:02.0015 3592 nnsvc - ok11:25:02.0046 3592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys11:25:02.0046 3592 Npfs - ok11:25:02.0062 3592 NSSvcMgr - ok11:25:02.0078 3592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys11:25:02.0078 3592 Ntfs - ok11:25:02.0109 3592 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe11:25:02.0125 3592 NtLmSsp - ok11:25:02.0140 3592 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll11:25:02.0140 3592 NtmsSvc - ok11:25:02.0156 3592 NuidFltr - ok11:25:02.0171 3592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys11:25:02.0171 3592 Null - ok11:25:02.0390 3592 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys11:25:02.0468 3592 nv - ok11:25:02.0500 3592 nvata - ok11:25:02.0562 3592 NVHDA (1fda0adfd0dd666ecb1cbf8436f81805) C:\WINDOWS\system32\drivers\nvhda32.sys11:25:02.0593 3592 NVHDA - ok11:25:02.0609 3592 NVR0FLASHDev - ok11:25:02.0640 3592 NVSvc (2e6ed9fe65a9b3ec606603ed0f33dd7d) C:\WINDOWS\system32\nvsvc32.exe11:25:02.0640 3592 NVSvc - ok11:25:02.0750 3592 nvUpdatusService (3c09cc7992a8adecd1fddfd5d8e69bae) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe11:25:02.0750 3592 nvUpdatusService - ok11:25:02.0765 3592 NWHOST - ok11:25:02.0796 3592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys11:25:02.0796 3592 NwlnkFlt - ok11:25:02.0812 3592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys11:25:02.0812 3592 NwlnkFwd - ok11:25:02.0906 3592 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE11:25:02.0968 3592 odserv - ok11:25:02.0968 3592 ofcpfwsvc - ok11:25:02.0968 3592 ohci1394 - ok11:25:02.0984 3592 oraclemtsrecoveryservice - ok11:25:03.0000 3592 oracleorahome90agent - ok11:25:03.0000 3592 OracleOraHome92ClientCache - ok11:25:03.0015 3592 oracleorahometnslistener - ok11:25:03.0062 3592 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE11:25:03.0093 3592 ose - ok11:25:03.0109 3592 owstimer - ok11:25:03.0109 3592 parallel - ok11:25:03.0156 3592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys11:25:03.0156 3592 Parport - ok11:25:03.0156 3592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys11:25:03.0171 3592 PartMgr - ok11:25:03.0187 3592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys11:25:03.0187 3592 ParVdm - ok11:25:03.0203 3592 pcctlcom - ok11:25:03.0218 3592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys11:25:03.0218 3592 PCI - ok11:25:03.0234 3592 PCIDump - ok11:25:03.0250 3592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys11:25:03.0250 3592 PCIIde - ok11:25:03.0265 3592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys11:25:03.0265 3592 Pcmcia - ok11:25:03.0312 3592 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys11:25:03.0375 3592 PCTBD - ok11:25:03.0437 3592 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys11:25:03.0515 3592 PCTCore - ok11:25:03.0562 3592 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\WINDOWS\system32\drivers\pctDS.sys11:25:03.0609 3592 pctDS - ok11:25:03.0640 3592 pctEFA (653d8079cc000ec454789740a07b84a8) C:\WINDOWS\system32\drivers\pctEFA.sys11:25:03.0734 3592 pctEFA - ok11:25:03.0796 3592 pctgntdi (cee55a1df92cb30f87280b6a04aadce8) C:\WINDOWS\system32\drivers\pctgntdi.sys11:25:03.0859 3592 pctgntdi - ok11:25:03.0890 3592 pctplsg (061b86fd64a61ad187efc788d6c408b0) C:\WINDOWS\system32\drivers\pctplsg.sys11:25:03.0968 3592 pctplsg - ok11:25:04.0093 3592 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\WINDOWS\system32\Drivers\PCTSD.sys11:25:04.0171 3592 PCTSD - ok11:25:04.0171 3592 PDCOMP - ok11:25:04.0187 3592 PDFRAME - ok11:25:04.0187 3592 pdlnecfg - ok11:25:04.0203 3592 PDRELI - ok11:25:04.0203 3592 PDRFRAME - ok11:25:04.0218 3592 perc2 - ok11:25:04.0218 3592 perc2hib - ok11:25:04.0234 3592 pfmodnt - ok11:25:04.0265 3592 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe11:25:04.0265 3592 PlugPlay - ok11:25:04.0296 3592 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe11:25:04.0312 3592 Pml Driver HPZ12 - ok11:25:04.0328 3592 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe11:25:04.0328 3592 PolicyAgent - ok11:25:04.0359 3592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys11:25:04.0359 3592 PptpMiniport - ok11:25:04.0375 3592 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys11:25:04.0375 3592 Processor - ok11:25:04.0375 3592 ProcObsrv - ok11:25:04.0390 3592 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe11:25:04.0390 3592 ProtectedStorage - ok11:25:04.0390 3592 psasrv - ok11:25:04.0406 3592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys11:25:04.0406 3592 PSched - ok11:25:04.0406 3592 PTDCBus - ok11:25:04.0421 3592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys11:25:04.0421 3592 Ptilink - ok11:25:04.0453 3592 purendis - ok11:25:04.0468 3592 qfcoresvc - ok11:25:04.0468 3592 ql1080 - ok11:25:04.0484 3592 Ql10wnt - ok11:25:04.0484 3592 ql12160 - ok11:25:04.0484 3592 ql1240 - ok11:25:04.0500 3592 ql1280 - ok11:25:04.0500 3592 qserver - ok11:25:04.0515 3592 racsvc - ok11:25:04.0515 3592 rampartsvc - ok11:25:04.0531 3592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys11:25:04.0531 3592 RasAcd - ok11:25:04.0562 3592 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll11:25:04.0578 3592 RasAuto - ok11:25:04.0593 3592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys11:25:04.0593 3592 Rasl2tp - ok11:25:04.0625 3592 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll11:25:04.0625 3592 RasMan - ok11:25:04.0640 3592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys11:25:04.0640 3592 RasPppoe - ok11:25:04.0671 3592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys11:25:04.0671 3592 Raspti - ok11:25:04.0703 3592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys11:25:04.0703 3592 Rdbss - ok11:25:04.0718 3592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys11:25:04.0734 3592 RDPCDD - ok11:25:04.0750 3592 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys11:25:04.0750 3592 rdpdr - ok11:25:04.0812 3592 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys11:25:04.0890 3592 RDPWD - ok11:25:04.0937 3592 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe11:25:04.0937 3592 RDSessMgr - ok11:25:04.0968 3592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys11:25:04.0968 3592 redbook - ok11:25:05.0031 3592 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll11:25:05.0031 3592 RemoteAccess - ok11:25:05.0046 3592 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll11:25:05.0062 3592 RemoteRegistry - ok11:25:05.0062 3592 ROOTUSB - ok11:25:05.0062 3592 roxliveshare9 - ok11:25:05.0093 3592 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe11:25:05.0093 3592 RpcLocator - ok11:25:05.0140 3592 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll11:25:05.0140 3592 RpcSs - ok11:25:05.0140 3592 RSAFAL - ok11:25:05.0171 3592 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe11:25:05.0187 3592 RSVP - ok11:25:05.0187 3592 rt73 - ok11:25:05.0187 3592 RTL8169 - ok11:25:05.0250 3592 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys11:25:05.0281 3592 RTLE8023xp - ok11:25:05.0296 3592 RTSTOR - ok11:25:05.0328 3592 rxmssync - ok11:25:05.0328 3592 s116bus - ok11:25:05.0328 3592 s116obex - ok11:25:05.0343 3592 s116unic - ok11:25:05.0343 3592 s125mdm - ok11:25:05.0359 3592 S3GIGP - ok11:25:05.0359 3592 s616obex - ok11:25:05.0406 3592 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe11:25:05.0406 3592 SamSs - ok11:25:05.0406 3592 sansaservice - ok11:25:05.0421 3592 sbhooksvc - ok11:25:05.0453 3592 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe11:25:05.0453 3592 SCardSvr - ok11:25:05.0500 3592 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll11:25:05.0515 3592 Schedule - ok11:25:05.0546 3592 SCR3XX2K (b590c6b740a85130e88d35d007691eb4) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys11:25:05.0609 3592 SCR3XX2K - ok11:25:05.0718 3592 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools Security\pctsAuxs.exe11:25:05.0718 3592 sdAuxService - ok11:25:05.0718 3592 sdbus - ok11:25:05.0734 3592 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools Security\pctsSvc.exe11:25:05.0734 3592 sdCoreService - ok11:25:05.0750 3592 SE27bus - ok11:25:05.0750 3592 SE2Cmgmt - ok11:25:05.0765 3592 se58mdm - ok11:25:05.0796 3592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys11:25:05.0796 3592 Secdrv - ok11:25:05.0812 3592 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll11:25:05.0812 3592 seclogon - ok11:25:05.0812 3592 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll11:25:05.0828 3592 SENS - ok11:25:05.0843 3592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys11:25:05.0843 3592 serenum - ok11:25:05.0859 3592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys11:25:05.0859 3592 Serial - ok11:25:05.0890 3592 SetupNT - ok11:25:05.0921 3592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys11:25:05.0921 3592 Sfloppy - ok11:25:05.0921 3592 sglfb - ok11:25:05.0968 3592 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll11:25:05.0984 3592 SharedAccess - ok11:25:05.0984 3592 shdserv - ok11:25:06.0031 3592 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll11:25:06.0031 3592 ShellHWDetection - ok11:25:06.0046 3592 Simbad - ok11:25:06.0046 3592 siside - ok11:25:06.0046 3592 smrt - ok11:25:06.0062 3592 softfax - ok11:25:06.0062 3592 Sparrow - ok11:25:06.0078 3592 spbbcsvc - ok11:25:06.0078 3592 speedfan - ok11:25:06.0125 3592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys11:25:06.0125 3592 splitter - ok11:25:06.0171 3592 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe11:25:06.0203 3592 Spooler - ok11:25:06.0218 3592 SprintRcAppSvc - ok11:25:06.0218 3592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys11:25:06.0234 3592 sr - ok11:25:06.0250 3592 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll11:25:06.0250 3592 srservice - ok11:25:06.0296 3592 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys11:25:06.0343 3592 Srv - ok11:25:06.0343 3592 SrvcEKIOMngr - ok11:25:06.0359 3592 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll11:25:06.0359 3592 SSDPSRV - ok11:25:06.0390 3592 ssoftservice - ok11:25:06.0406 3592 sstpsvc - ok11:25:06.0468 3592 Steam Client Service - ok11:25:06.0484 3592 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll11:25:06.0484 3592 stisvc - ok11:25:06.0484 3592 stylexphelper - ok11:25:06.0515 3592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys11:25:06.0515 3592 swenum - ok11:25:06.0578 3592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys11:25:06.0578 3592 swmidi - ok11:25:06.0578 3592 SWMX00 - ok11:25:06.0593 3592 SwPrv - ok11:25:06.0593 3592 SWUMX20 - ok11:25:06.0609 3592 symc810 - ok11:25:06.0609 3592 symc8xx - ok11:25:06.0625 3592 symsecureport - ok11:25:06.0625 3592 sym_hi - ok11:25:06.0640 3592 sym_u3 - ok11:25:06.0671 3592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys11:25:06.0671 3592 sysaudio - ok11:25:06.0718 3592 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe11:25:06.0718 3592 SysmonLog - ok11:25:06.0765 3592 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll11:25:06.0765 3592 TapiSrv - ok11:25:06.0812 3592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys11:25:06.0812 3592 Tcpip - ok11:25:06.0859 3592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys11:25:06.0859 3592 TDPIPE - ok11:25:06.0875 3592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys11:25:06.0875 3592 TDTCP - ok11:25:06.0906 3592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys11:25:06.0906 3592 TermDD - ok11:25:06.0921 3592 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll11:25:06.0937 3592 TermService - ok11:25:06.0937 3592 TestHandler - ok11:25:06.0984 3592 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\WINDOWS\system32\drivers\TfFsMon.sys11:25:07.0015 3592 TfFsMon - ok11:25:07.0046 3592 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\WINDOWS\system32\drivers\TfNetMon.sys11:25:07.0125 3592 TfNetMon - ok11:25:07.0140 3592 tfsndrct - ok11:25:07.0156 3592 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\WINDOWS\system32\drivers\TfSysMon.sys11:25:07.0234 3592 TFSysMon - ok11:25:07.0281 3592 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll11:25:07.0296 3592 Themes - ok11:25:07.0375 3592 ThreatFire - ok11:25:07.0406 3592 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe11:25:07.0406 3592 TlntSvr - ok11:25:07.0421 3592 tnidriver - ok11:25:07.0421 3592 TosIde - ok11:25:07.0421 3592 tosrfec - ok11:25:07.0468 3592 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll11:25:07.0468 3592 TrkWks - ok11:25:07.0468 3592 tunnelguardservice - ok11:25:07.0484 3592 U2SP - ok11:25:07.0484 3592 U81xbus - ok11:25:07.0515 3592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys11:25:07.0515 3592 Udfs - ok11:25:07.0531 3592 ultra - ok11:25:07.0578 3592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys11:25:07.0578 3592 Update - ok11:25:07.0593 3592 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll11:25:07.0593 3592 upnphost - ok11:25:07.0609 3592 upperdev - ok11:25:07.0625 3592 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe11:25:07.0640 3592 UPS - ok11:25:07.0640 3592 us30service - ok11:25:07.0687 3592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys11:25:07.0687 3592 usbccgp - ok11:25:07.0734 3592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys11:25:07.0734 3592 usbehci - ok11:25:07.0765 3592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys11:25:07.0765 3592 usbhub - ok11:25:07.0796 3592 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys11:25:07.0796 3592 usbprint - ok11:25:07.0843 3592 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys11:25:07.0843 3592 usbscan - ok11:25:07.0875 3592 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS11:25:07.0875 3592 usbstor - ok11:25:07.0875 3592 usnsvc - ok11:25:07.0890 3592 v2imount - ok11:25:07.0890 3592 VAIOMediaPlatform-PhotoServer-HTTP - ok11:25:07.0890 3592 vetfddnt - ok11:25:07.0921 3592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys11:25:07.0921 3592 VgaSave - ok11:25:07.0921 3592 ViaIde - ok11:25:07.0937 3592 viaudio - ok11:25:07.0937 3592 VirtualFD - ok11:25:07.0953 3592 vmnetdhcp - ok11:25:07.0953 3592 vncmirror - ok11:25:07.0968 3592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys11:25:07.0968 3592 VolSnap - ok11:25:07.0984 3592 vpcbus - ok11:25:08.0015 3592 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe11:25:08.0031 3592 VSS - ok11:25:08.0062 3592 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll11:25:08.0062 3592 W32Time - ok11:25:08.0078 3592 w39n51 - ok11:25:08.0078 3592 W700mdfl - ok11:25:08.0093 3592 w800bus - ok11:25:08.0093 3592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys11:25:08.0093 3592 Wanarp - ok11:25:08.0140 3592 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys11:25:08.0203 3592 WDC_SAM - ok11:25:08.0281 3592 WDDMService (0220362deb2a21551b418d61f3153347) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe11:25:08.0281 3592 WDDMService - ok11:25:08.0281 3592 WDICA - ok11:25:08.0312 3592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys11:25:08.0312 3592 wdmaud - ok11:25:08.0312 3592 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe11:25:08.0312 3592 WDSmartWareBackgroundService - ok11:25:08.0359 3592 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll11:25:08.0359 3592 WebClient - ok11:25:08.0359 3592 websensepolicyserver - ok11:25:08.0375 3592 websenseuserservice - ok11:25:08.0375 3592 WIBUKEY - ok11:25:08.0390 3592 win32sl - ok11:25:08.0390 3592 windrvNT - ok11:25:08.0406 3592 WINIO - ok11:25:08.0453 3592 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll11:25:08.0453 3592 winmgmt - ok11:25:08.0546 3592 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll11:25:08.0546 3592 WmdmPmSN - ok11:25:08.0593 3592 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll11:25:08.0593 3592 Wmi - ok11:25:08.0625 3592 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe11:25:08.0640 3592 WmiApSrv - ok11:25:08.0718 3592 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe11:25:08.0734 3592 WMPNetworkSvc - ok11:25:08.0750 3592 wpsdrvnt - ok11:25:08.0781 3592 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys11:25:08.0781 3592 WS2IFSL - ok11:25:08.0781 3592 WscNetDr - ok11:25:08.0828 3592 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll11:25:08.0828 3592 wscsvc - ok11:25:08.0843 3592 Wtcls2k - ok11:25:08.0890 3592 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll11:25:08.0906 3592 wuauserv - ok11:25:08.0937 3592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys11:25:08.0937 3592 WudfPf - ok11:25:08.0953 3592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys11:25:08.0953 3592 WudfRd - ok11:25:08.0968 3592 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll11:25:08.0968 3592 WudfSvc - ok11:25:09.0015 3592 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll11:25:09.0015 3592 WZCSVC - ok11:25:09.0031 3592 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll11:25:09.0046 3592 xmlprov - ok11:25:09.0046 3592 z525obex - ok11:25:09.0046 3592 zebrceb - ok11:25:09.0062 3592 ziptoa - ok11:25:09.0062 3592 {6080a529-897e-4629-a488-aba0c29b635e} - ok11:25:09.0078 3592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR011:25:09.0453 3592 \Device\Harddisk0\DR0 - ok11:25:09.0453 3592 Boot (0x1200) (29308bf9cd62c6b903bf327837d16705) \Device\Harddisk0\DR0\Partition011:25:09.0453 3592 \Device\Harddisk0\DR0\Partition0 - ok11:25:09.0453 3592 ============================================================11:25:09.0453 3592 Scan finished11:25:09.0453 3592 ============================================================11:25:09.0468 5628 Detected object count: 111:25:09.0468 5628 Actual detected object count: 111:25:34.0312 5628 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine11:25:40.0875 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\@ - copied to quarantine11:25:40.0906 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\bckfg.tmp - copied to quarantine11:25:40.0968 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\cfg.ini - copied to quarantine11:25:40.0968 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\Desktop.ini - copied to quarantine11:25:41.0046 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\keywords - copied to quarantine11:25:41.0046 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\kwrd.dll - copied to quarantine11:25:41.0125 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\L\regyfamx - copied to quarantine11:25:41.0156 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\lsflt7.ver - copied to quarantine11:25:41.0156 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\oemid - copied to quarantine11:25:41.0171 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000001.@ - copied to quarantine11:25:41.0218 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000002.@ - copied to quarantine11:25:41.0250 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000004.@ - copied to quarantine11:25:41.0296 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000000.@ - copied to quarantine11:25:41.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000004.@ - copied to quarantine11:25:41.0453 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000032.@ - copied to quarantine11:25:41.0546 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\version - copied to quarantine11:25:42.0062 5628 Backup copy found, using it..11:25:42.0078 5628 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\2220560526 - will be deleted on reboot11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\@ - will be deleted on reboot11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\bckfg.tmp - will be deleted on reboot11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\cfg.ini - will be deleted on reboot11:25:43.0781 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\Desktop.ini - will be deleted on reboot11:25:43.0796 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\keywords - will be deleted on reboot11:25:44.0062 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\kwrd.dll - will be deleted on reboot11:25:44.0312 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\lsflt7.ver - will be deleted on reboot11:25:44.0312 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\oemid - will be deleted on reboot11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000001.@ - will be deleted on reboot11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000002.@ - will be deleted on reboot11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\00000004.@ - will be deleted on reboot11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000000.@ - will be deleted on reboot11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000004.@ - will be deleted on reboot11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\U\80000032.@ - will be deleted on reboot11:25:44.0390 5628 C:\WINDOWS\$NtUninstallKB3372$\3468411799\version - will be deleted on reboot11:25:44.0390 5628 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Cure11:26:02.0046 4196 Deinitialize successHere is the log from ComboFix: ComboFix 12-04-09.04 - John & Wendy 04/09/2012 11:46:37.1.4 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3575.2535 [GMT -4:00]Running from: c:\documents and settings\John & Wendy\Desktop\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMPc:\windows\system32\dds_trash_log.cmdc:\windows\system32\dllcache\dlimport.exec:\windows\system32\dllcache\wmpvis.dllc:\windows\system32\s125mdm.dll.Infected copy of c:\windows\system32\userinit.exe was found and disinfectedRestored copy from - c:\windows\ServicePackFiles\i386\userinit.exe..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_MREMPR5-------\Legacy_SERVICE-------\Legacy_TNIDRIVER-------\Service_MREMPR5-------\Service_service-------\Service_tnidriver..((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))..2012-04-09 15:25 . 2012-04-09 15:25 98992 ----a-w- c:\windows\system32\drivers\67092840.sys2012-04-09 15:25 . 2012-04-09 15:25 75264 ----a-w- c:\windows\system32\drivers\tsk3C.tmp2012-04-09 15:25 . 2012-04-09 15:25 -------- d-----w- C:\TDSSKiller_Quarantine2012-04-06 17:23 . 2012-04-09 16:07 -------- d-----w- c:\documents and settings\John & Wendy\Local Settings\Application Data\LogMeIn Hamachi2012-04-06 17:15 . 2012-04-06 17:15 -------- d-----w- c:\documents and settings\Zach\Application Data\PureEdge2012-04-06 02:28 . 2012-04-06 13:33 -------- d-----w- c:\documents and settings\Zach\Local Settings\Application Data\LogMeIn Hamachi2012-04-06 02:28 . 2012-04-09 16:07 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\LogMeIn Hamachi2012-04-06 02:27 . 2012-04-06 02:27 -------- d-----w- c:\program files\LogMeIn Hamachi2012-04-05 02:56 . 2012-04-05 02:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-04-05 02:26 . 2012-04-05 02:26 -------- d-----w- c:\documents and settings\John & Wendy\Local Settings\Application Data\PCHealth2012-04-05 01:55 . 2012-04-05 01:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth2012-04-05 00:29 . 2012-04-05 00:29 -------- d-----w- c:\documents and settings\Zach\Application Data\NVIDIA2012-04-04 23:50 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll2012-04-04 23:50 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll2012-04-04 21:51 . 2012-04-04 21:51 -------- d-----w- C:\6802ba65daf0b3e7922012-04-04 21:39 . 2012-04-04 21:39 -------- d-----w- c:\program files\Ask.com2012-04-04 21:39 . 2012-04-04 21:39 -------- d-----w- C:\Firefox2012-04-04 21:34 . 2012-04-04 21:34 -------- d-----w- c:\documents and settings\Zach\Local Settings\Application Data\Google2012-04-04 21:34 . 2012-04-04 21:34 -------- d-----w- c:\program files\Common Files\Java2012-04-04 21:33 . 2012-04-04 21:33 -------- d--h--w- c:\documents and settings\Zach\InstallAnywhere2012-04-04 21:29 . 2012-04-04 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask2012-04-04 21:01 . 2012-04-04 21:28 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-04-04 20:50 . 2012-04-04 20:51 -------- d-----w- c:\program files\Minecraft2012-04-02 22:00 . 2012-02-24 13:16 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys2012-04-02 22:00 . 2012-02-24 13:16 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys2012-04-02 22:00 . 2012-02-24 13:16 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys2012-03-31 19:04 . 2012-03-31 19:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp2012-03-31 19:03 . 2012-03-31 19:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google2012-03-31 19:03 . 2012-03-31 19:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google2012-03-31 18:59 . 2012-03-31 19:00 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\Temp2012-03-31 18:59 . 2012-03-31 19:00 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\Google2012-03-31 18:59 . 2012-03-31 19:00 -------- d-----w- c:\program files\Google2012-03-31 18:56 . 2011-09-28 17:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys2012-03-31 18:55 . 2012-02-24 14:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys2012-03-31 18:55 . 2012-02-24 14:35 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys2012-03-31 18:52 . 2012-03-31 18:52 -------- d-----w- c:\documents and settings\UpdatusUser\Application Data\TestApp2012-03-31 18:49 . 2012-03-31 18:49 -------- d-sh--w- c:\documents and settings\UpdatusUser\PrivacIE2012-03-31 18:48 . 2012-03-31 18:48 -------- d-sh--w- c:\documents and settings\UpdatusUser\IECompatCache2012-03-31 18:48 . 2012-03-31 18:48 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\Threat Expert...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-05 02:56 . 2011-05-17 22:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-04-04 21:28 . 2011-03-27 17:46 472808 ----a-w- c:\windows\system32\deployJava1.dll2012-03-17 20:55 . 2012-03-31 18:41 3277632 ----a-w- c:\windows\system32\drivers\TfKbMon.sys.old2012-02-24 14:37 . 2011-12-12 00:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys2012-02-24 14:31 . 2011-12-12 00:43 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys2012-02-17 19:08 . 2011-12-12 03:10 149456 ----a-w- c:\windows\SGDetectionTool.dll2012-02-17 19:08 . 2011-12-12 03:10 2250704 ----a-w- c:\windows\PCTBDCore.dll2012-02-17 19:08 . 2011-12-12 03:10 1681360 ----a-w- c:\windows\PCTBDRes.dll2012-02-17 19:08 . 2011-12-12 03:10 767952 ----a-w- c:\windows\BDTSupport.dll2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ApproveItForOfficeSetup"="c:\program files\APPROVEIT" [X]"RTHDCPL"="RTHDCPL.EXE" [2010-01-29 18790432]"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-12-29 887936]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-12 174616]"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-12 145432]"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2012-02-24 2659768]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360].c:\documents and settings\Tyler\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680].c:\documents and settings\Zach\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680].c:\documents and settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ApproveIt StartUp.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnkbackup=c:\windows\pss\ApproveIt StartUp.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]2009-12-28 22:49 121472 ----a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]2006-01-02 20:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]2010-04-12 05:57 141848 ----a-r- c:\windows\system32\igfxtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2011-06-12 16:08 98304 ----a-w- c:\program files\QuickTime\qttask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]2002-04-17 15:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]2011-12-24 22:31 1242448 ----a-w- c:\program files\Steam\steam.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)"DisableNotifications"= 1 (0x1).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\mmc.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"="c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=.R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/11/2011 8:43 PM 331880]R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [12/11/2011 8:43 PM 342168]R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [12/11/2011 8:43 PM 909728]R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [4/2/2012 6:00 PM 54328]R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [4/2/2012 6:00 PM 574424]R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [1/6/2011 11:15 PM 11448]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/15/2011 5:48 PM 89792]R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/11/2011 8:43 PM 253352]R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [3/31/2012 2:55 PM 185560]R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 5:16 PM 207400]R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [1/6/2011 11:15 PM 96896]R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [12/11/2011 11:10 PM 550864]R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [10/16/2009 11:42 AM 319488]R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2/28/2012 5:38 PM 1373576]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/11/2011 9:28 PM 652360]R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/15/2011 5:48 PM 214904]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/15/2011 5:48 PM 214904]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/15/2011 5:48 PM 160608]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/15/2011 5:48 PM 150856]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/20/2011 10:13 AM 2255464]R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12/11/2011 8:42 PM 402336]R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 5:24 PM 110592]R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/15/2011 5:48 PM 57600]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/11/2011 9:28 PM 20464]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/15/2011 5:48 PM 338176]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/15/2011 5:48 PM 83856]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/20/2011 9:55 AM 119528]R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [3/31/2012 2:56 PM 56840]R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/11/2011 8:42 PM 70536]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/31/2012 2:59 PM 136176]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 10:56 PM 253600]S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/6/2011 8:27 PM 1691480]S3 cxbu0wdm;SmartTerminal XX44;c:\windows\system32\drivers\cxbu0wdm.sys [12/20/2011 10:49 AM 114304]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [1/6/2011 9:32 PM 235520]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/15/2011 5:48 PM 83856]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/15/2011 5:48 PM 87656]S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [1/7/2010 12:19 AM 57856]S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [4/2/2012 6:00 PM 35264]S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/9/2011 4:49 PM 11520].--- Other Services/Drivers In Memory ---.*NewlyCreated* - DATUNIDR*Deregistered* - mfeavfk01*Deregistered* - PCTSDInjDriver32.NETSVCS REQUIRES REPAIRS - current entries shown6to4AppMgmtAudioSrvBrowserCryptSvcDMServerDHCPERSvcEventSystemFastUserSwitchingCompatibilityHidServIasIpripIrmonLanmanServerLanmanWorkstationMessengerNetmanNlaNtmssvcNWCWorkstationNwsapagentRasautoRasmanNMSAccessUibmsmbusfilterservicebtnetfilterASNDIS5pxfhbusO2SCBUSlhidusbfasttrackinstallerservicenalntserviceSE2BmdflpavdrvghoststartservicefreebsdDgiVecplicenseStkScans3psddrlxcz_deviceV0080Deviftpsvcoracleorahome90agentNeroMediaHomeService.4OracleOraHome92ClientCacheS3GIGPqserverwebsenseuserservicetransbaseserviceAmdLLDwhoisd32FsVganimcdlbksfmanrollbackclientserviceMRESP50RTHDMIAzAudServiceWDM_YAMAHAAC97cq_memmilshieldcleanermferkdkUSBModemPID_08A0LMouKEsymappcorerchosttraprcvrAeLookupSvclxcccustomerconnectsfhlp01ipodserviceuphcleancxlptzebrcebnnsvcatitoolET5Drvdefwatcheloggersvc6sisidelbtservtsmapipse59mgmttvichw32symsecureportPTDCBussdbusdcstor32tfsndrctupperdevsmrtNuidFltrCnxTrUsbse58mdmdlaudfamFreedomcpqdmiSetupNTnvatamssql$sony_mediamgrapfiltrservicecbidfelotouchscreenCam5603CIPSECSHMSprintRcAppSvcs116busEU3_USBDCamUSBMke2vpcbusikfilefltctljystkoraclemtsrecoveryserviceroxliveshare9dcpflicsvetfddntz525obexw39n51racsvckonfigICM10USBRTL8169RSAFALcqmghostirmonNMSSvcELmouAfcibmpmdrvadpu320Ndisipous30serviceAR5416ssoftservicew800busv2imountHPFECP20mhn{6080a529-897e-4629-a488-aba0c29b635e}W700mdflautostores116unicnmsaccessl8042pr2mscsptisrvU81xbuslockmgrrampartsvcidechndrtunnelguardserviceowstimerDCamUSBSQTECHsbhooksvclwwlicenseserviceaksusbfgdxbusdwmrcsRTSTORbesclientawechoatilvselsusROOTUSBHFACSVCdatunidradobeversioncueSE2CmgmtATKFUSServiceSWMX00ProcObsrvAngel2pfmodntSrvcEKIOMngrccflic0ALABULKoracleorahometnslistenerDCamUSBGrandTekcwafadmincontrollersglfbCTSBLFX.DLLcpqarry2s125mdmbdfdllWscNetDrhpdskfltstylexphelperltck000cJGOGOcpucoolserversstpsvcwebsensepolicyserversoftfaxAVRecWIBUKEYU2SPviaudioamusbprtwpsdrvntdnserver32WINIOiaantmonpcctlcomDMUSBUSBDCamAlteraByteBlasterCam5603Dpurendisohci1394parallelziptoalsdiorwU3sHlpDrusnsvcVirtualFDdirms_defragmentationtosrfecs116obexrxmssynccomhostWtcls2kiaimfp1lmimaintspbbcsvcfilecheckercvslockegathdrvissuserspeedfansansaserviceoraclesnmppeerencapsulators616obexmvwebserverdiskeepercpqdfwiaimfp2SE27busmxservervmnetdhcpTestHandleredspportNSSvcMgrqfcoresvccrautomssqlserverfshttpspdlnecfgBUFADPTcachemgrbufservadiloaderPSI_SVC_2rt73sprtsvc_dellsupportcenterbackupexecrpcservicepchostiolodmvNWHOSTshdservbthpanrupsdsurveyorse2End5ctaud2kw800mdflcis1284tvtpktfilterdigisptiservicequickhealfirewallkraidsvcawhost32backupexecalertserverXUIFamdppmAF15BDAwin32slpavprsrvtimounterde_servoracle_load_balancer_60_client-forms6irnadirmultiplexorpsdistributionagentql2100iksysfltvncmirrorVAIOMediaPlatform-PhotoServer-HTTPSWUMX20NVR0FLASHDevacrsch2svcwlmel51bwindrvNTofcpfwsvcwinachsxInvokerarcltsrvAsDsmicm10blkqbcfmonitorserviceha10kx2kwacommousefilterSQLAgent$ABBEYIIOFFLINEVHidMinidrveeyeevntnavapelpsasrvSE26mdmappdrvMTDVC2S7oppilxpdlndlpbW8335XPtunmpRemoteaccessScheduleSeclogonSENSSharedaccessSRServiceTapisrvThemesTrkWksW32TimeWZCSVCWmiWmdmPmSpwinmgmtTermServicewuauservBITSShellHWDetectionhelpsvcxmlprovwscsvcWmdmPmSNnapagenthkmsvc.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs..Contents of the 'Scheduled Tasks' folder.2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:56].2012-04-09 c:\windows\Tasks\HP Usg Daily.job- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2011-01-09 04:55]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = 127.0.0.1IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dllLSP: mswsock.dllHandler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\Microsoft\SMIME Client (2010)\mimectl.dllDPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab.- - - - ORPHANS REMOVED - - - -.WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)HKLM-Run-PCTools FGuard - c:\program files\PC Tools Security\BDT\FGuard.exeSafeBoot-51262312.sys...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-04-09 12:07Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-789336058-2077806209-839522115-1003\Software\SecuROM\License information*]"datasecu"=hex:59,46,75,ac,71,11,35,86,6c,80,40,84,24,75,9f,dd,74,27,68,bb,47, 58,6a,67,a7,28,46,55,5b,3c,86,32,68,5a,ef,ee,a0,54,7f,b9,2f,a7,80,61,19,d8,\"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1352)c:\program files\ActivIdentity\ActivClient\ackpbsc.dllc:\program files\ActivIdentity\ActivClient\aclog.dllc:\program files\ActivIdentity\ActivClient\accrypto.dllc:\program files\ActivIdentity\ActivClient\ACLIBEAY.dllc:\program files\ActivIdentity\ActivClient\acevtsub.dllc:\program files\ActivIdentity\ActivClient\asphat32.dllc:\program files\ActivIdentity\ActivClient\acerrmes.dllc:\program files\ActivIdentity\ActivClient\aiwinext.dllc:\program files\ActivIdentity\ActivClient\aspcom.dllc:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dllc:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dllc:\windows\system32\Ati2evxx.dllc:\program files\ActivIdentity\ActivClient\acunlock.dllc:\program files\ActivIdentity\ActivClient\aipingui.dllc:\program files\ActivIdentity\ActivClient\aicext.dllc:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dllc:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dllc:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dllc:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll.- - - - - - - > 'lsass.exe'(1408)c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dllc:\windows\system32\mswsock.dllmswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dllc:\windows\system32\WININET.dll.- - - - - - - > 'explorer.exe'(5996)c:\windows\system32\WININET.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\hnetcfg.dllc:\program files\Common Files\PC Tools\Lsp\PCTLsp.dllc:\windows\system32\mswsock.dllmswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\System32\SCardSvr.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exec:\windows\system32\nvsvc32.exec:\program files\PC Tools Security\pctsSvc.exec:\program files\Common Files\McAfee\SystemCore\mcshield.exec:\windows\RTHDCPL.EXEc:\\.\globalroot\SystemRoot\system32\svchost.exec:\windows\system32\RunDLL32.exec:\windows\system32\HPZipm12.exec:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe.**************************************************************************.Completion time: 2012-04-09 12:12:26 - machine was rebootedComboFix-quarantined-files.txt 2012-04-09 16:12.Pre-Run: 467,767,496,704 bytes freePost-Run: 469,573,996,544 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn.- - End Of File - - 19B1E6E2540BF43F21ACE54674B5C85AThank you so much for helping! I do appreciate it very much! Link to post Share on other sites More sharing options...
Larusso Posted April 9, 2012 ID:541088 Share Posted April 9, 2012 Well done. Some things needs our attention.Download OTL to your Desktop.Double click on the icon to run it.Under the box paste this inactivexnetsvcsmsconfig%SYSTEMDRIVE%\*.%PROGRAMFILES%\*.exe%LOCALAPPDATA%\*.exe%systemroot%\*. /mp /s%systemroot%\system32\*.manifest /3/md5startexplorer.exeregedit.exewinlogon.exewininit.exeuserinit.exe/md5stopHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rsHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rsCREATERESTOREPOINTMake sure all other windows are closed to let it run uninterrupted.Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please post both logfiles in your next reply. Link to post Share on other sites More sharing options...
Teed55 Posted April 10, 2012 Author ID:541181 Share Posted April 10, 2012 OTL Log: OTL logfile created on: 4/9/2012 10:28:57 PM - Run 1OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\John & Wendy\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.49 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 63.52% Memory free5.33 Gb Paging File | 4.03 Gb Available in Paging File | 75.64% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 465.75 Gb Total Space | 437.36 Gb Free Space | 93.90% Space Free | Partition Type: NTFSComputer Name: DESKTOP-1 | User Name: John & Wendy | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exePRC - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exePRC - [2012/02/24 10:36:06 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exePRC - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exePRC - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exePRC - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exePRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exePRC - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exePRC - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exePRC - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exePRC - [2011/09/30 09:11:18 | 000,794,824 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exePRC - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exePRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exePRC - [2010/03/25 12:02:16 | 000,611,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exePRC - [2010/01/21 17:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exePRC - [2010/01/21 17:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exePRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exePRC - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exePRC - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exePRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exePRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exePRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exePRC - [2009/06/03 17:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exePRC - [2009/06/03 17:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exePRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2005/07/08 00:55:02 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exePRC - [2005/07/08 00:55:00 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exePRC - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exePRC - [2003/12/05 16:41:44 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe========== Modules (No Company Name) ==========MOD - [2012/04/04 22:49:18 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dllMOD - [2012/04/04 22:48:36 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dllMOD - [2012/04/04 22:37:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dllMOD - [2012/04/04 22:36:52 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dllMOD - [2012/04/04 22:36:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dllMOD - [2012/04/04 22:36:42 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dllMOD - [2012/04/04 22:36:31 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dllMOD - [2012/04/04 22:36:24 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dllMOD - [2012/04/04 22:35:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dllMOD - [2012/04/04 22:35:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dllMOD - [2012/04/04 22:35:28 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dllMOD - [2012/04/04 22:34:47 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllMOD - [2012/02/24 10:36:02 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dllMOD - [2012/02/24 10:35:44 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dllMOD - [2012/02/17 15:08:16 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools Security\BDT\BSPatch.dllMOD - [2011/10/16 15:49:04 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dllMOD - [2009/09/29 23:33:08 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dllMOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dllMOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dllMOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dllMOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll========== Win32 Services (SafeList) ==========SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVENET.dll -- (ziptoa)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spmd.dll -- (zebrceb)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\navapel.dll -- (z525obex)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btdriver.dll -- (Wtcls2k)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (WscNetDr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeantispyware.dll -- (wpsdrvnt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCDCODEC.dll -- (WINIO)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVTCP.dll -- (windrvNT)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfnds.dll -- (win32sl)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scarddrv.dll -- (WIBUKEY)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125mgmt.dll -- (websenseuserservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservaz.dll -- (websensepolicyserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SunkFilt.dll -- (w800bus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxupnprenderer.dll -- (W700mdfl)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wkscfgsrv.dll -- (w39n51)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EpmShd.dll -- (vpctcom)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\basic2.dll -- (vpcbus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dktknsrv.dll -- (vncmirror)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w3svc.dll -- (vmnetdhcp)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNCPKT.dll -- (VirtualFD)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (viaudio)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntiopnp.dll -- (vetfddnt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caccprovsp.dll -- (VAIOMediaPlatform-PhotoServer-HTTP)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hsvcmod.dll -- (v2imount)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hclinetd.dll -- (usnsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550bus.dll -- (USBDeviceService)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TPwSav.dll -- (us30service)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vxd.dll -- (upperdev)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvport.dll -- (U81xbus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNIPROT5.dll -- (U2SP)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmbatt.dll -- (tunnelguardservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\L8042Kbd.dll -- (tosrfec)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\modem.dll -- (tfsndrct)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VRADFIL.dll -- (TestHandler)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217unic.dll -- (symsecureport)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isdrv120.dll -- (SWUMX20)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (SWMX00) BLKWGU(Belkin)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vstor2.dll -- (stylexphelper)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\portio.dll -- (sstpsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\egathdrv.dll -- (ssoftservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcomlaunch.dll -- (SrvcEKIOMngr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cercsr6.dll -- (SprintRcAppSvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btkrnl.dll -- (speedfan)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emitray.dll -- (spbbcsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\senfilt.dll -- (softfax)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iolodmv.dll -- (smrt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siswlsvc.dll -- (siside)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_tdi_f.dll -- (shdserv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Invoker.dll -- (sglfb)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aksfridge.dll -- (SetupNT)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GoogleDesktopManager-010708-104812.dll -- (se58mdm)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecnamingservice.dll -- (SE2Cmgmt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCM43XV.dll -- (SE27bus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctdvda2k.dll -- (sdbus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aolservice.dll -- (sbhooksvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p17.dll -- (sansaservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bmdfl.dll -- (s616obex)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\addfiltr.dll -- (S3GIGP)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iviregmgr.dll -- (s125mdm)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lcs.dll -- (s116unic)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pserve.dll -- (s116obex)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prfldsvc.dll -- (s116bus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WGX.dll -- (rxmssync)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\termservice.dll -- (RTSTOR)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxwatch9.dll -- (RTL8169)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (rt73)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\maya70docserver.dll -- (RSAFAL)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (roxliveshare9)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\anio.dll -- (ROOTUSB)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAM1210.dll -- (rampartsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JavaQuickStarterService.dll -- (racsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (qserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raidmsvr.dll -- (qfcoresvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndproxy.dll -- (purendis)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthusb.dll -- (PTDCBus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxbt_device.dll -- (psasrv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rsvchost.dll -- (ProcObsrv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HPFECP20.dll -- (pfmodnt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WaveFDE.dll -- (pdlnecfg)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\soma.dll -- (pcctlcom)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mail2ec.dll -- (parallel)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acmservice.dll -- (owstimer)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdengine.dll -- (oracleorahometnslistener)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fallback.dll -- (OracleOraHome92ClientCache)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdfl.dll -- (oracleorahome90agent)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonytvc.dll -- (oraclemtsrecoveryservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w29n51.dll -- (ohci1394)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcSSIOMngr.dll -- (ofcpfwsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (NWHOST)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\shdserv.dll -- (NVR0FLASHDev)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\crcdisk.dll -- (nvata)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll -- (NuidFltr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stcagent.dll -- (NSSvcMgr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USIUDF.dll -- (nnsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp0.dll -- (NMSSvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdm.dll -- (NMSAccessU)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcdonner.dll -- (NeroMediaHomeService.4)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hcwPVRP2.dll -- (Ndisipo)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58bus.dll -- (mxserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecpmcommunicationagent.dll -- (mvwebserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igniteservice.exe.dll -- (mssqlserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pktfilter.dll -- (mssql$sony_mediamgr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s116unic.dll -- (mscsptisrv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DSXUSB.dll -- (mhn)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sandradatasrv.dll -- (lwwlicenseservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iwebcal.dll -- (lvselsus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EUSBMSD.dll -- (ltck000c)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTHDMIAzAudService.dll -- (lockmgr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dtscsi.dll -- (LMouKE)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\i81x.dll -- (lmimaint)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MKEMUSB.dll -- (lhidusb)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassPeriodicUpdateService.dll -- (l8042pr2)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndiscm.dll -- (JGOGO)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCASp50.dll -- (issuser)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\quickhealfirewall.dll -- (irmon)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (IPSECSHM)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spcsutilityservice.dll -- (iksysflt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\knobserv.dll -- (ikfileflt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\advservice.dll -- (iftpsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cachemgr.dll -- (idechndr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ptilink.dll -- (ICM10USB)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se27unic.dll -- (icm10blk)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ma_cmidi_installerservice.dll -- (ibmpmdrv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USR1806V.dll -- (iaimfp2)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mmc_2K.dll -- (iaimfp1)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\yukonwxp.dll -- (iaantmon)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavsrv.dll -- (HPFECP20)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7alrt.dll -- (hpdskflt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (HFACSVC)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (fshttps)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pccsmcfd.dll -- (Freedom)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfman.dll -- (filechecker)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032U.dll -- (fgdxbus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atfsd.dll -- (fasttrackinstallerservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RIOUNIV.dll -- (EU3_USB)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\incdfs.dll -- (ET5Drv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WMIService.dll -- (elotouchscreen)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cm102u32.dll -- (eloggersvc6)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\radclock.dll -- (ELmou)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvserver.dll -- (egathdrv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_flpy.dll -- (edspport)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RivaTuner32.dll -- (dwmrcs)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emclisrv.dll -- (dnserver32)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvupdtio.dll -- (DMUSBUSBDCam)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Alpham1.dll -- (dlaudfam)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\apfiltrservice.dll -- (diskeeper)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\orbmediaservice.dll -- (dirms_defragmentation)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\superproserver.dll -- (defwatch)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\int15.sys.dll -- (dcstor32)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvraid.dll -- (dcpflics)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pctspk.dll -- (DCamUSBSQTECH)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\napagent.dll -- (DCamUSBMke2)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WavxDMgr.dll -- (DCamUSBGrandTek)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ghostsec.dll -- (cwafadmincontroller)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bt3cusb.dll -- (cvslock)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleformsserver-forms60server-oraform.dll -- (CTSBLFX.DLL)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotdriver.dll -- (ctljystk)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLAgent$LG_LP2.dll -- (crauto)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sbpci.dll -- (cqmghost)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcdbus.dll -- (cpucoolserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TNaviSrv.dll -- (cpqdmi)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tangoservice.dll -- (cpqdfw)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psasrv.dll -- (cpqarry2)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpf4.dll -- (comhost)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ser2plms.dll -- (CnxTrUsb)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswlsvc.dll -- (ccflic0)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (Cam5603D)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCMTPM.dll -- (Cam5603C)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (cachemgr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fix.dll -- (BUFADPT)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LVCap138.dll -- (btnetfilter)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcmsvc.dll -- (besclient)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\A88xXBar.dll -- (bdfdll)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enum1394.dll -- (awecho)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsmapip.dll -- (AVRec)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CiscoVpnInstallService.dll -- (autostore)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KS0108.dll -- (ATKFUSService)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pchost.dll -- (atitool)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmmbd.dll -- (ati)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASMMAP.dll -- (AR5416)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfng32.dll -- (Angel2)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmuda.dll -- (amusbprt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W55U01.dll -- (AlteraByteBlaster)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxdmCATSCustConnectService.dll -- (ALABULK)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvspydr2.dll -- (aksusb)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcj_device.dll -- (Afc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip.dll -- (adpu320)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp2.dll -- (acrsch2svc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndistapi.dll -- ({6080a529-897e-4629-a488-aba0c29b635e})SRV - [2012/04/04 22:56:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)SRV - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)SRV - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)SRV - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)SRV - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)SRV - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)SRV - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)SRV - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®SRV - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)DRV - File not found [Kernel | System | Stopped] -- -- (Changer)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)DRV - [2012/02/24 10:37:08 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)DRV - [2012/02/24 10:31:08 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)DRV - [2012/02/24 09:16:10 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)DRV - [2012/02/24 09:16:10 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)DRV - [2012/02/24 09:16:10 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)DRV - [2011/10/15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)DRV - [2011/10/15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)DRV - [2011/10/15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)DRV - [2011/10/15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)DRV - [2011/10/15 14:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)DRV - [2011/10/15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)DRV - [2011/10/15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)DRV - [2011/10/15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)DRV - [2011/05/10 05:41:30 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)DRV - [2010/01/29 02:31:44 | 005,884,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2010/01/18 17:50:10 | 000,235,520 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®DRV - [2010/01/07 00:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)DRV - [2009/11/17 19:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)DRV - [2009/11/17 19:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®DRV - [2009/08/03 22:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)DRV - [2009/07/05 22:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)DRV - [2009/06/24 09:16:20 | 000,114,304 | R--- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)DRV - [2009/06/05 03:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)IE - HKCU\..\SearchScopes,DefaultScope = {F3DD5844-48DB-43B0-9600-5B21935B5A5A}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRCIE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GAM2&o=41647940&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=7K&apn_dtid=YYYYYYS8US&apn_uid=8398628C-7E90-4A02-8A79-C61CFCBFAE10&apn_sauid=9C1501A5-5410-45D4-BC67-E05BD61C464AIE - HKCU\..\SearchScopes\{F3DD5844-48DB-43B0-9600-5B21935B5A5A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1========== FireFox ==========FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/03/31 14:56:53 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/04/09 22:26:49 | 000,000,000 | ---D | M][2011/02/24 20:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John & Wendy\Application Data\Mozilla\ExtensionsO1 HOSTS File: ([2012/04/09 12:06:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111224173650.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)O4 - HKLM..\Run: [ApproveItForOfficeSetup] " /1 /P "C:\PROGRAM FILES\APPROVEIT\" File not foundO4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294364092906 (WUWebControl Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1599609C-7DBD-4A97-830C-5413467F8C76}: DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2011/01/06 20:06:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VMActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for JavaActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShowActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimationActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dllActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for JavaActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing PackActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - UniscribeActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced AuthoringActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /installActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NTActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShowActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawExActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer HelpActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java ClassesActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUserActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICWActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media PlayerActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET FrameworkActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web FoldersActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /installActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dllActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettingsActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,InstallActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET FrameworkActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task SchedulerActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave FlashActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exeActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMPActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfigActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUPActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUPActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOENetSvcs: 6to4 - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Irmon - %systemroot%\system32\quickhealfirewall.dll File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: NMSAccessU - %systemroot%\system32\SE2Cmdm.dll File not foundNetSvcs: ibmsmbus - File not foundNetSvcs: filterservice - File not foundNetSvcs: btnetfilter - %systemroot%\system32\LVCap138.dll File not foundNetSvcs: ASNDIS5 - File not foundNetSvcs: pxfhbus - File not foundNetSvcs: O2SCBUS - File not foundNetSvcs: lhidusb - %systemroot%\system32\MKEMUSB.dll File not foundNetSvcs: fasttrackinstallerservice - %systemroot%\system32\atfsd.dll File not foundNetSvcs: nalntservice - File not foundNetSvcs: SE2Bmdfl - File not foundNetSvcs: pavdrv - File not foundNetSvcs: ghoststartservice - File not foundNetSvcs: freebsd - File not foundNetSvcs: DgiVecp - File not foundNetSvcs: license - File not foundNetSvcs: StkScan - File not foundNetSvcs: s3psddr - File not foundNetSvcs: lxcz_device - File not foundNetSvcs: V0080Dev - File not foundNetSvcs: iftpsvc - %systemroot%\system32\advservice.dll File not foundNetSvcs: oracleorahome90agent - %systemroot%\system32\SE2Cmdfl.dll File not foundNetSvcs: NeroMediaHomeService.4 - %systemroot%\system32\qcdonner.dll File not foundNetSvcs: OracleOraHome92ClientCache - %systemroot%\system32\fallback.dll File not foundNetSvcs: S3GIGP - %systemroot%\system32\addfiltr.dll File not foundNetSvcs: qserver - %systemroot%\system32\dlacdbhm.dll File not foundNetSvcs: websenseuserservice - %systemroot%\system32\s125mgmt.dll File not foundNetSvcs: transbaseservice - File not foundNetSvcs: AmdLLD - File not foundNetSvcs: whoisd32 - File not foundNetSvcs: FsVga - C:\WINDOWS\System32\drivers\fsvga.sys (Microsoft Corporation)NetSvcs: nimcdlbk - File not foundNetSvcs: sfman - File not foundNetSvcs: rollbackclientservice - File not foundNetSvcs: MRESP50 - File not foundNetSvcs: RTHDMIAzAudService - File not foundNetSvcs: WDM_YAMAHAAC97 - File not foundNetSvcs: cq_mem - File not foundNetSvcs: milshieldcleaner - File not foundNetSvcs: mferkdk - File not foundNetSvcs: USBModem - File not foundNetSvcs: PID_08A0 - File not foundNetSvcs: LMouKE - %systemroot%\system32\dtscsi.dll File not foundNetSvcs: symappcore - File not foundNetSvcs: rchost - File not foundNetSvcs: traprcvr - File not foundNetSvcs: AeLookupSvc - File not foundNetSvcs: lxcccustomerconnect - File not foundNetSvcs: sfhlp01 - File not foundNetSvcs: ipodservice - File not foundNetSvcs: uphclean - File not foundNetSvcs: cxlpt - File not foundNetSvcs: zebrceb - %systemroot%\system32\spmd.dll File not foundNetSvcs: nnsvc - %systemroot%\system32\USIUDF.dll File not foundNetSvcs: atitool - %systemroot%\system32\pchost.dll File not foundNetSvcs: ET5Drv - %systemroot%\system32\incdfs.dll File not foundNetSvcs: defwatch - %systemroot%\system32\superproserver.dll File not foundNetSvcs: eloggersvc6 - %systemroot%\system32\cm102u32.dll File not foundNetSvcs: siside - %systemroot%\system32\siswlsvc.dll File not foundNetSvcs: tvichw32 - File not foundNetSvcs: symsecureport - %systemroot%\system32\s217unic.dll File not foundNetSvcs: PTDCBus - %systemroot%\system32\bthusb.dll File not foundNetSvcs: sdbus - %systemroot%\system32\ctdvda2k.dll File not foundNetSvcs: dcstor32 - %systemroot%\system32\int15.sys.dll File not foundNetSvcs: tfsndrct - %systemroot%\system32\modem.dll File not foundNetSvcs: upperdev - %systemroot%\system32\vxd.dll File not foundNetSvcs: smrt - %systemroot%\system32\iolodmv.dll File not foundNetSvcs: NuidFltr - %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll File not foundNetSvcs: CnxTrUsb - %systemroot%\system32\ser2plms.dll File not foundNetSvcs: se58mdm - %systemroot%\system32\GoogleDesktopManager-010708-104812.dll File not foundNetSvcs: dlaudfam - %systemroot%\system32\Alpham1.dll File not foundNetSvcs: Freedom - %systemroot%\system32\pccsmcfd.dll File not foundNetSvcs: cpqdmi - %systemroot%\system32\TNaviSrv.dll File not foundNetSvcs: SetupNT - %systemroot%\system32\aksfridge.dll File not foundNetSvcs: nvata - %systemroot%\system32\crcdisk.dll File not foundNetSvcs: mssql$sony_mediamgr - %systemroot%\system32\pktfilter.dll File not foundNetSvcs: elotouchscreen - %systemroot%\system32\WMIService.dll File not foundNetSvcs: Cam5603C - %systemroot%\system32\BCMTPM.dll File not foundNetSvcs: IPSECSHM - %systemroot%\system32\backupexecjobengine.dll File not foundNetSvcs: SprintRcAppSvc - %systemroot%\system32\cercsr6.dll File not foundNetSvcs: s116bus - %systemroot%\system32\prfldsvc.dll File not foundNetSvcs: EU3_USB - %systemroot%\system32\RIOUNIV.dll File not foundNetSvcs: DCamUSBMke2 - %systemroot%\system32\napagent.dll File not foundNetSvcs: vpcbus - %systemroot%\system32\basic2.dll File not foundNetSvcs: ikfileflt - %systemroot%\system32\knobserv.dll File not foundNetSvcs: ctljystk - %systemroot%\system32\symantecantibotdriver.dll File not foundNetSvcs: oraclemtsrecoveryservice - %systemroot%\system32\sonytvc.dll File not foundNetSvcs: roxliveshare9 - %systemroot%\system32\tvs.dll File not foundNetSvcs: dcpflics - %systemroot%\system32\nvraid.dll File not foundNetSvcs: vetfddnt - %systemroot%\system32\ntiopnp.dll File not foundNetSvcs: z525obex - %systemroot%\system32\navapel.dll File not foundNetSvcs: w39n51 - %systemroot%\system32\wkscfgsrv.dll File not foundNetSvcs: racsvc - %systemroot%\system32\JavaQuickStarterService.dll File not foundNetSvcs: ICM10USB - %systemroot%\system32\ptilink.dll File not foundNetSvcs: RTL8169 - %systemroot%\system32\roxwatch9.dll File not foundNetSvcs: RSAFAL - %systemroot%\system32\maya70docserver.dll File not foundNetSvcs: cqmghost - %systemroot%\system32\sbpci.dll File not foundNetSvcs: irmon - %systemroot%\system32\quickhealfirewall.dll File not foundNetSvcs: NMSSvc - %systemroot%\system32\iaimfp0.dll File not foundNetSvcs: ELmou - %systemroot%\system32\radclock.dll File not foundNetSvcs: Afc - %systemroot%\system32\lxcj_device.dll File not foundNetSvcs: ibmpmdrv - %systemroot%\system32\ma_cmidi_installerservice.dll File not foundNetSvcs: adpu320 - %systemroot%\system32\tcpip.dll File not foundNetSvcs: Ndisipo - %systemroot%\system32\hcwPVRP2.dll File not foundNetSvcs: us30service - %systemroot%\system32\TPwSav.dll File not foundNetSvcs: AR5416 - %systemroot%\system32\ASMMAP.dll File not foundNetSvcs: ssoftservice - %systemroot%\system32\egathdrv.dll File not foundNetSvcs: w800bus - %systemroot%\system32\SunkFilt.dll File not foundNetSvcs: v2imount - %systemroot%\system32\hsvcmod.dll File not foundNetSvcs: HPFECP20 - %systemroot%\system32\pavsrv.dll File not foundNetSvcs: mhn - %systemroot%\system32\DSXUSB.dll File not foundNetSvcs: {6080a529-897e-4629-a488-aba0c29b635e} - %systemroot%\system32\ndistapi.dll File not foundNetSvcs: W700mdfl - %systemroot%\system32\roxupnprenderer.dll File not foundNetSvcs: autostore - %systemroot%\system32\CiscoVpnInstallService.dll File not foundNetSvcs: s116unic - %systemroot%\system32\lcs.dll File not foundNetSvcs: l8042pr2 - %systemroot%\system32\iPassPeriodicUpdateService.dll File not foundNetSvcs: mscsptisrv - %systemroot%\system32\s116unic.dll File not foundNetSvcs: U81xbus - %systemroot%\system32\nvport.dll File not foundNetSvcs: lockmgr - %systemroot%\system32\RTHDMIAzAudService.dll File not foundNetSvcs: rampartsvc - %systemroot%\system32\CAM1210.dll File not foundNetSvcs: idechndr - %systemroot%\system32\cachemgr.dll File not foundNetSvcs: tunnelguardservice - %systemroot%\system32\cmbatt.dll File not foundNetSvcs: owstimer - %systemroot%\system32\acmservice.dll File not foundNetSvcs: DCamUSBSQTECH - %systemroot%\system32\Pctspk.dll File not foundNetSvcs: sbhooksvc - %systemroot%\system32\aolservice.dll File not foundNetSvcs: lwwlicenseservice - %systemroot%\system32\sandradatasrv.dll File not foundNetSvcs: aksusb - %systemroot%\system32\cvspydr2.dll File not foundNetSvcs: fgdxbus - %systemroot%\system32\MA8032U.dll File not foundNetSvcs: dwmrcs - %systemroot%\system32\RivaTuner32.dll File not foundNetSvcs: RTSTOR - %systemroot%\system32\termservice.dll File not foundNetSvcs: besclient - %systemroot%\system32\npkcmsvc.dll File not foundNetSvcs: awecho - %systemroot%\system32\enum1394.dll File not foundNetSvcs: ati - %systemroot%\system32\tmmbd.dll File not foundNetSvcs: lvselsus - %systemroot%\system32\iwebcal.dll File not foundNetSvcs: ROOTUSB - %systemroot%\system32\anio.dll File not foundNetSvcs: HFACSVC - %systemroot%\system32\kpfwsvc.dll File not foundNetSvcs: datunidr - File not foundNetSvcs: USBDeviceService - %systemroot%\system32\w550bus.dll File not foundNetSvcs: vpctcom - %systemroot%\system32\EpmShd.dll File not foundNetSvcs: adobeversioncue - File not foundNetSvcs: SE2Cmgmt - %systemroot%\system32\backupexecnamingservice.dll File not foundNetSvcs: ATKFUSService - %systemroot%\system32\KS0108.dll File not foundNetSvcs: SWMX00 - %systemroot%\system32\nmwcdc.dll File not foundNetSvcs: ProcObsrv - %systemroot%\system32\rsvchost.dll File not foundNetSvcs: Angel2 - %systemroot%\system32\sfng32.dll File not foundNetSvcs: pfmodnt - %systemroot%\system32\HPFECP20.dll File not foundNetSvcs: SrvcEKIOMngr - %systemroot%\system32\dcomlaunch.dll File not foundNetSvcs: ccflic0 - %systemroot%\system32\aswlsvc.dll File not foundNetSvcs: ALABULK - %systemroot%\system32\lxdmCATSCustConnectService.dll File not foundNetSvcs: oracleorahometnslistener - %systemroot%\system32\pdengine.dll File not foundNetSvcs: DCamUSBGrandTek - %systemroot%\system32\WavxDMgr.dll File not foundNetSvcs: cwafadmincontroller - %systemroot%\system32\ghostsec.dll File not foundNetSvcs: sglfb - %systemroot%\system32\Invoker.dll File not foundNetSvcs: CTSBLFX.DLL - %systemroot%\system32\oracleformsserver-forms60server-oraform.dll File not foundNetSvcs: cpqarry2 - %systemroot%\system32\psasrv.dll File not foundNetSvcs: s125mdm - %systemroot%\system32\iviregmgr.dll File not foundNetSvcs: bdfdll - %systemroot%\system32\A88xXBar.dll File not foundNetSvcs: WscNetDr - %systemroot%\system32\winpower.dll File not foundNetSvcs: hpdskflt - %systemroot%\system32\avg7alrt.dll File not foundNetSvcs: stylexphelper - %systemroot%\system32\vstor2.dll File not foundNetSvcs: ltck000c - %systemroot%\system32\EUSBMSD.dll File not foundNetSvcs: JGOGO - %systemroot%\system32\ndiscm.dll File not foundNetSvcs: cpucoolserver - %systemroot%\system32\mcdbus.dll File not foundNetSvcs: sstpsvc - %systemroot%\system32\portio.dll File not foundNetSvcs: websensepolicyserver - %systemroot%\system32\smservaz.dll File not foundNetSvcs: softfax - %systemroot%\system32\senfilt.dll File not foundNetSvcs: AVRec - %systemroot%\system32\tsmapip.dll File not foundNetSvcs: WIBUKEY - %systemroot%\system32\scarddrv.dll File not foundNetSvcs: U2SP - %systemroot%\system32\WNIPROT5.dll File not foundNetSvcs: viaudio - %systemroot%\system32\carboniteservice.dll File not foundNetSvcs: amusbprt - %systemroot%\system32\cmuda.dll File not foundNetSvcs: wpsdrvnt - %systemroot%\system32\mcafeeantispyware.dll File not foundNetSvcs: dnserver32 - %systemroot%\system32\emclisrv.dll File not foundNetSvcs: WINIO - %systemroot%\system32\PCDCODEC.dll File not foundNetSvcs: iaantmon - %systemroot%\system32\yukonwxp.dll File not foundNetSvcs: pcctlcom - %systemroot%\system32\soma.dll File not foundNetSvcs: DMUSBUSBDCam - %systemroot%\system32\lvupdtio.dll File not foundNetSvcs: AlteraByteBlaster - %systemroot%\system32\W55U01.dll File not foundNetSvcs: Cam5603D - %systemroot%\system32\MA8032M.dll File not foundNetSvcs: purendis - %systemroot%\system32\ndproxy.dll File not foundNetSvcs: ohci1394 - %systemroot%\system32\w29n51.dll File not foundNetSvcs: parallel - %systemroot%\system32\mail2ec.dll File not foundNetSvcs: ziptoa - %systemroot%\system32\NVENET.dll File not foundNetSvcs: U3sHlpDr - File not foundNetSvcs: usnsvc - %systemroot%\system32\hclinetd.dll File not foundNetSvcs: VirtualFD - %systemroot%\system32\WNCPKT.dll File not foundNetSvcs: dirms_defragmentation - %systemroot%\system32\orbmediaservice.dll File not foundNetSvcs: tosrfec - %systemroot%\system32\L8042Kbd.dll File not foundNetSvcs: s116obex - %systemroot%\system32\pserve.dll File not foundNetSvcs: rxmssync - %systemroot%\system32\WGX.dll File not foundNetSvcs: comhost - %systemroot%\system32\kpf4.dll File not foundNetSvcs: Wtcls2k - %systemroot%\system32\btdriver.dll File not foundNetSvcs: iaimfp1 - %systemroot%\system32\mmc_2K.dll File not foundNetSvcs: lmimaint - %systemroot%\system32\i81x.dll File not foundNetSvcs: spbbcsvc - %systemroot%\system32\emitray.dll File not foundNetSvcs: filechecker - %systemroot%\system32\sfman.dll File not foundNetSvcs: cvslock - %systemroot%\system32\bt3cusb.dll File not foundNetSvcs: egathdrv - %systemroot%\system32\mvserver.dll File not foundNetSvcs: issuser - %systemroot%\system32\PCASp50.dll File not foundNetSvcs: speedfan - %systemroot%\system32\btkrnl.dll File not foundNetSvcs: sansaservice - %systemroot%\system32\p17.dll File not foundNetSvcs: s616obex - %systemroot%\system32\SE2Bmdfl.dll File not foundNetSvcs: mvwebserver - %systemroot%\system32\websensecpmcommunicationagent.dll File not foundNetSvcs: diskeeper - %systemroot%\system32\apfiltrservice.dll File not foundNetSvcs: cpqdfw - %systemroot%\system32\tangoservice.dll File not foundNetSvcs: iaimfp2 - %systemroot%\system32\USR1806V.dll File not foundNetSvcs: SE27bus - %systemroot%\system32\BCM43XV.dll File not foundNetSvcs: mxserver - %systemroot%\system32\se58bus.dll File not foundNetSvcs: vmnetdhcp - %systemroot%\system32\w3svc.dll File not foundNetSvcs: TestHandler - %systemroot%\system32\VRADFIL.dll File not foundNetSvcs: edspport - %systemroot%\system32\ino_flpy.dll File not foundNetSvcs: NSSvcMgr - %systemroot%\system32\stcagent.dll File not foundNetSvcs: qfcoresvc - %systemroot%\system32\raidmsvr.dll File not foundNetSvcs: crauto - %systemroot%\system32\SQLAgent$LG_LP2.dll File not foundNetSvcs: mssqlserver - %systemroot%\system32\igniteservice.exe.dll File not foundNetSvcs: fshttps - %systemroot%\system32\symc8xx.dll File not foundNetSvcs: pdlnecfg - %systemroot%\system32\WaveFDE.dll File not foundNetSvcs: BUFADPT - %systemroot%\system32\fix.dll File not foundNetSvcs: cachemgr - %systemroot%\system32\trlokom_rmhsvc.dll File not foundNetSvcs: rt73 - %systemroot%\system32\WD_FireWire_HID.dll File not foundNetSvcs: sprtsvc_dellsupportcenter - File not foundNetSvcs: backupexecrpcservice - File not foundNetSvcs: pchost - File not foundNetSvcs: iolodmv - File not foundNetSvcs: NWHOST - %systemroot%\system32\zpjava.dll File not foundNetSvcs: shdserv - %systemroot%\system32\bc_tdi_f.dll File not foundNetSvcs: rupsd - File not foundNetSvcs: surveyor - File not foundNetSvcs: se2End5 - File not foundNetSvcs: ctaud2k - File not foundNetSvcs: w800mdfl - File not foundNetSvcs: cis1284 - File not foundNetSvcs: tvtpktfilter - File not foundNetSvcs: digisptiservice - File not foundNetSvcs: quickhealfirewall - File not foundNetSvcs: kraidsvc - File not foundNetSvcs: awhost32 - File not foundNetSvcs: backupexecalertserver - File not foundNetSvcs: XUIF - File not foundNetSvcs: amdppm - File not foundNetSvcs: AF15BDA - File not foundNetSvcs: win32sl - %systemroot%\system32\tosrfnds.dll File not foundNetSvcs: pavprsrv - File not foundNetSvcs: timounter - File not foundNetSvcs: de_serv - File not foundNetSvcs: oracle_load_balancer_60_client-forms6i - File not foundNetSvcs: rnadirmultiplexor - File not foundNetSvcs: psdistributionagent - File not foundNetSvcs: ql2100 - File not foundNetSvcs: iksysflt - %systemroot%\system32\spcsutilityservice.dll File not foundNetSvcs: vncmirror - %systemroot%\system32\dktknsrv.dll File not foundNetSvcs: VAIOMediaPlatform-PhotoServer-HTTP - %systemroot%\system32\caccprovsp.dll File not foundNetSvcs: SWUMX20 - %systemroot%\system32\isdrv120.dll File not foundNetSvcs: NVR0FLASHDev - %systemroot%\system32\shdserv.dll File not foundNetSvcs: acrsch2svc - %systemroot%\system32\iaimfp2.dll File not foundNetSvcs: wlmel51b - File not foundNetSvcs: windrvNT - %systemroot%\system32\NVTCP.dll File not foundNetSvcs: ofcpfwsvc - %systemroot%\system32\SrvcSSIOMngr.dll File not foundNetSvcs: winachsx - File not foundNetSvcs: Invoker - File not foundNetSvcs: arcltsrv - File not foundNetSvcs: AsDsm - File not foundNetSvcs: icm10blk - %systemroot%\system32\se27unic.dll File not foundNetSvcs: qbcfmonitorservice - File not foundNetSvcs: ha10kx2k - File not foundNetSvcs: wacommousefilter - File not foundNetSvcs: SQLAgent$ABBEYIIOFFLINE - File not foundNetSvcs: VHidMinidrv - File not foundNetSvcs: eeyeevnt - File not foundNetSvcs: navapel - File not foundNetSvcs: psasrv - %systemroot%\system32\lxbt_device.dll File not foundNetSvcs: SE26mdm - File not foundNetSvcs: appdrv - File not foundNetSvcs: MTDVC2 - File not foundNetSvcs: S7oppilx - File not foundNetSvcs: pdlndlpb - File not foundNetSvcs: W8335XP - File not foundNetSvcs: WmdmPmSp - File not foundMsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ApproveIt StartUp.lnk - - File not foundMsConfig - StartUpReg: ASUS Update Checker - hkey= - key= - C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe (ASUSTeK Computer Inc.)MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not foundMsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)MsConfig - State: "system.ini" - 0MsConfig - State: "win.ini" - 0MsConfig - State: "bootini" - 0MsConfig - State: "services" - 0MsConfig - State: "startup" - 2CREATERESTOREPOINTRestore point Set: OTL Restore Point========== Files/Folders - Created Within 30 Days ==========[2012/04/09 22:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee[2012/04/09 22:27:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe[2012/04/09 11:44:46 | 000,000,000 | RHSD | C] -- C:\cmdcons[2012/04/09 11:42:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2012/04/09 11:42:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2012/04/09 11:42:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2012/04/09 11:42:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2012/04/09 11:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2012/04/09 11:41:41 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/04/09 11:37:59 | 004,453,897 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe[2012/04/09 11:25:44 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys[2012/04/09 11:25:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2012/04/08 12:27:43 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe[2012/04/06 23:50:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.scr[2012/04/06 23:19:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John & Wendy\Start Menu\Programs\Administrative Tools[2012/04/06 23:18:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.com[2012/04/06 13:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\LogMeIn Hamachi[2012/04/06 13:10:06 | 000,000,000 | ---D | C] -- C:\Config.Msi[2012/04/06 12:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi[2012/04/04 22:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\PCHealth[2012/04/04 21:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth[2012/04/04 17:51:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell[2012/04/04 17:51:22 | 000,000,000 | ---D | C] -- C:\6802ba65daf0b3e792[2012/04/04 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com[2012/04/04 17:39:15 | 000,000,000 | ---D | C] -- C:\Firefox[2012/04/04 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java[2012/04/04 17:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask[2012/04/04 16:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Minecraft[2012/04/02 18:00:42 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys[2012/04/02 18:00:42 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys[2012/04/02 18:00:42 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys[2012/03/31 15:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp[2012/03/31 15:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google[2012/03/31 15:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google[2012/03/31 15:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome[2012/03/31 14:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google[2012/03/31 14:56:53 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys[2012/03/31 14:55:51 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys[2012/03/31 14:55:51 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys[2012/03/31 14:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/04/09 22:34:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP[2012/04/09 22:33:27 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx[2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe[2012/04/09 22:23:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2012/04/09 22:23:11 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd[2012/04/09 22:23:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2012/04/09 12:10:57 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2012/04/09 12:10:57 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2012/04/09 12:06:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2012/04/09 12:05:54 | 000,753,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB[2012/04/09 11:44:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini[2012/04/09 11:38:04 | 004,453,897 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe[2012/04/09 11:25:44 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys[2012/04/09 11:22:48 | 002,052,384 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip[2012/04/08 22:52:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2012/04/08 22:46:02 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job[2012/04/08 12:27:43 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe[2012/04/06 23:50:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.scr[2012/04/06 23:18:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\dds.com[2012/04/06 21:46:24 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Microsoft Office Word 2007.lnk[2012/04/06 14:00:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\2l8ovdbp.exe[2012/04/06 13:56:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Defogger.exe[2012/04/06 13:18:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak[2012/04/06 08:52:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk[2012/04/05 21:06:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk[2012/04/05 00:52:03 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2012/04/04 22:40:07 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2012/04/04 19:28:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk[2012/04/04 17:15:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk[2012/04/01 22:14:53 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk[2012/03/31 14:55:51 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ==========[2012/04/09 22:23:11 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd[2012/04/09 12:04:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP[2012/04/09 11:44:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak[2012/04/09 11:44:49 | 000,260,272 | RHS- | C] () -- C:\cmldr[2012/04/09 11:42:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe[2012/04/09 11:42:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe[2012/04/09 11:42:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2012/04/09 11:42:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2012/04/09 11:42:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2012/04/09 11:22:47 | 002,052,384 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip[2012/04/06 13:59:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\2l8ovdbp.exe[2012/04/06 13:55:57 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\Defogger.exe[2012/04/04 22:56:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll[2012/04/04 19:28:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk[2012/04/04 19:28:30 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk[2012/04/02 18:31:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk[2012/03/31 15:00:12 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk[2012/03/31 14:55:51 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0349.old[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll[2011/12/11 20:16:00 | 000,011,716 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\54e0w245m2huy6u70n6ac[2011/12/10 21:02:54 | 000,013,192 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\238265v6n322a423v050j2plu8g0[2011/08/20 10:13:21 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data[2011/08/20 09:53:15 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin[2011/08/20 09:53:13 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin[2011/08/20 09:53:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin[2011/08/11 12:57:45 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2011/05/11 17:52:26 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2011/01/09 16:32:24 | 000,000,281 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI[2011/01/09 15:40:35 | 000,019,752 | ---- | C] () -- C:\WINDOWS\HPHins02.dat[2011/01/09 15:40:35 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat[2011/01/09 15:40:25 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe[2011/01/09 15:40:17 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat[2011/01/07 15:21:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe[2011/01/06 23:30:53 | 000,870,560 | R--- | C] () -- C:\WINDOWS\System32\igkrng575.bin[2011/01/06 23:30:53 | 000,127,868 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin[2011/01/06 23:30:53 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll[2011/01/06 23:30:53 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config[2011/01/06 23:15:34 | 000,011,448 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys[2011/01/06 23:14:14 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll[2011/01/06 23:14:14 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys[2011/01/06 23:14:13 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys[2011/01/06 23:14:13 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys[2011/01/06 21:57:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat[2011/01/06 20:28:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll[2011/01/06 20:26:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys[2011/01/06 20:26:06 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini[2011/01/06 20:26:02 | 000,032,613 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini[2011/01/06 20:26:02 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS[2011/01/06 20:07:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2011/01/06 20:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat[2011/01/06 11:56:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2011/01/06 11:55:23 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010/07/31 10:47:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin========== LOP Check ==========[2012/04/04 17:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask[2011/02/09 21:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems[2012/04/06 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge[2011/12/11 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon[2011/01/09 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital[2011/12/20 11:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\PureEdge[2011/08/20 10:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\SPORE[2011/01/09 16:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\Western Digital========== Purity Check ==================== Custom Scans ==========< %SYSTEMDRIVE%\*. >[2011/07/19 15:08:21 | 000,000,000 | ---D | M] -- C:\053eea491c5fc9b2c72bfb42e521[2011/12/24 23:22:53 | 000,000,000 | ---D | M] -- C:\3df72c8464bb5f5dd77263cd56db[2012/04/04 17:51:24 | 000,000,000 | ---D | M] -- C:\6802ba65daf0b3e792[2011/01/08 13:42:58 | 000,000,000 | ---D | M] -- C:\814b825119a9056f53be[2012/04/09 07:00:29 | 000,000,000 | ---D | M] -- C:\ASUS.000[2011/01/06 23:18:28 | 000,000,000 | ---D | M] -- C:\ASUS.SYS[2011/01/07 15:20:37 | 000,000,000 | ---D | M] -- C:\ATI[2012/04/09 11:44:51 | 000,000,000 | RHSD | M] -- C:\cmdcons[2011/01/09 16:24:43 | 000,000,000 | ---D | M] -- C:\col3927[2012/04/06 13:20:34 | 000,000,000 | ---D | M] -- C:\Config.Msi[2011/01/07 15:20:18 | 000,000,000 | ---D | M] -- C:\Diamond[2011/12/11 21:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings[2011/12/11 20:55:31 | 000,000,000 | -H-D | M] -- C:\dvmexp[2012/04/04 17:39:15 | 000,000,000 | ---D | M] -- C:\Firefox[2011/01/06 21:28:00 | 000,000,000 | ---D | M] -- C:\Intel[2011/01/07 20:26:07 | 000,000,000 | R--D | M] -- C:\MSOCache[2011/08/20 10:12:51 | 000,000,000 | ---D | M] -- C:\NVIDIA[2012/04/06 13:15:35 | 000,000,000 | R--D | M] -- C:\Program Files[2012/04/09 12:12:49 | 000,000,000 | ---D | M] -- C:\Qoobox[2011/12/20 11:43:23 | 000,000,000 | ---D | M] -- C:\SUPPORT[2011/12/11 20:43:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information[2012/04/09 11:25:34 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine[2011/12/23 17:33:42 | 000,000,000 | ---D | M] -- C:\temp[2012/04/09 22:26:53 | 000,000,000 | ---D | M] -- C:\WINDOWS[2011/01/06 21:31:15 | 000,000,000 | ---D | M] -- C:\WUTemp< %PROGRAMFILES%\*.exe >Invalid Environment Variable: LOCALAPPDATA< %systemroot%\*. /mp /s >< %systemroot%\system32\*.manifest /3 >[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]< MD5 for: EXPLORER.EXE >[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe< MD5 for: REGEDIT.EXE >[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe[2004/08/04 03:56:55 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe< MD5 for: USERINIT.EXE >[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe< MD5 for: WINLOGON.EXE >[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012/02/03 05:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-30 01:22:11========== Alternate Data Streams ==========@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84< End of report > Link to post Share on other sites More sharing options...
Teed55 Posted April 10, 2012 Author ID:541182 Share Posted April 10, 2012 OTL Extras log:OTL Extras logfile created on: 4/9/2012 10:28:57 PM - Run 1OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\John & Wendy\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.49 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 63.52% Memory free5.33 Gb Paging File | 4.03 Gb Available in Paging File | 75.64% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 465.75 Gb Total Space | 437.36 Gb Free Space | 93.90% Space Free | Partition Type: NTFSComputer Name: DESKTOP-1 | User Name: John & Wendy | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*exefile [open] -- "%1" %*InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %lpiffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 1"FirewallOverride" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 1"EnableFirewall" = 0"DoNotAllowExceptions" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DisableNotifications" = 1"DoNotAllowExceptions" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners"{713AB069-D22F-4C15-89F0-0FEE92D9AD47}" = PS7600"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D4E54C39-AC87-4C48-B6E0-A073F21E9B8A}" = Microsoft S/MIME"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F522E59E-7168-4B4A-885E-1030009BEE56}" = DBsign Web Signer"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"All ATI Software" = ATI - Software Uninstall Utility"ATI Display Driver" = ATI Display Driver"Browser Defender_is1" = Browser Defender 4.0"Cisco Connect" = Cisco Connect"ENTERPRISE" = Microsoft Office Enterprise 2007"Google Chrome" = Google Chrome"ie8" = Windows Internet Explorer 8"LogMeIn Hamachi" = LogMeIn Hamachi"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"MSC" = McAfee AntiVirus Plus"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"NVIDIA Display Control Panel" = NVIDIA Display Control Panel"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager"QuickTime" = QuickTime"Spyware Doctor" = PC Tools Spyware Doctor 9.0"Steam App 72850" = The Elder Scrolls V: Skyrim"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"Windows XP Service Pack" = Windows XP Service Pack 3"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]========== Last 10 Event Log Errors ==========[ Application Events ]Error - 4/6/2012 6:21:38 PM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated.Thread id : 4528 (0x11b0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\LTWEB12n.dll by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 4/8/2012 12:15:45 PM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated.Thread id : 2036 (0x7f4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools Security\TransactionResults\Transaction123.xml by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)Error - 4/9/2012 10:55:04 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated.Thread id : 3000 (0xbb8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Western Digital\WD SmartWare\Front Parlor\config\DefaultRules.xml by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 4/9/2012 10:55:14 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated.Thread id : 2580 (0xa14) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools Security\TransactionResults\Transaction125.xml by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)Error - 4/9/2012 11:03:39 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated.Thread id : 5136 (0x1410) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\rasapi32.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 4/9/2012 11:06:02 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated.Thread id : 4052 (0xfd4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools Security\BDT\EN.xml by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 4/9/2012 11:12:47 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated.Thread id : 3800 (0xed8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Western Digital\WD SmartWare\Front Parlor\ConfigManager.xml by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 4/9/2012 11:30:27 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated.Thread id : 4064 (0xfe0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\PC Tools Security\TransactionResults\Transaction126.xml by C:\Program Files\PC Tools Security\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)Error - 4/9/2012 11:32:47 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated.Thread id : 4628 (0x1214) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\John & Wendy\Local Settings\Temporary Internet Files\Content.IE5\AIZINXSZ\anatm[1].js by C:\Program Files\Internet Explorer\iexplore.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 4/9/2012 11:35:05 AM | Computer Name = DESKTOP-1 | Source = McLogEvent | ID = 5051Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated.Thread id : 5348 (0x14e4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\John & Wendy\Local Settings\Temporary Internet Files\Content.IE5\D905BXDA\brief[1].xml by C:\Program Files\Internet Explorer\iexplore.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) [ System Events ]Error - 4/8/2012 10:57:47 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023Description = The Network Location Awareness (NLA) service terminated with the following error: %%127Error - 4/8/2012 10:58:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023Description = The Network Location Awareness (NLA) service terminated with the following error: %%127Error - 4/8/2012 10:59:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023Description = The Network Location Awareness (NLA) service terminated with the following error: %%127Error - 4/8/2012 11:00:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023Description = The Network Location Awareness (NLA) service terminated with the following error: %%127Error - 4/8/2012 11:01:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023Description = The Network Location Awareness (NLA) service terminated with the following error: %%127Error - 4/8/2012 11:02:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023Description = The Network Location Awareness (NLA) service terminated with the following error: %%127Error - 4/8/2012 11:03:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023Description = The Network Location Awareness (NLA) service terminated with the following error: %%127Error - 4/8/2012 11:04:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023Description = The Network Location Awareness (NLA) service terminated with the following error: %%127Error - 4/8/2012 11:05:48 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023Description = The Network Location Awareness (NLA) service terminated with the following error: %%127Error - 4/8/2012 11:06:24 PM | Computer Name = DESKTOP-1 | Source = Service Control Manager | ID = 7023Description = The Digirefresh service terminated with the following error: %%126< End of report > Link to post Share on other sites More sharing options...
Larusso Posted April 10, 2012 ID:541198 Share Posted April 10, 2012 Double click on the OTL icon to run it.Copy/paste the entire contents of the codebox below into the Box::otlSRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVENET.dll -- (ziptoa)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spmd.dll -- (zebrceb)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\navapel.dll -- (z525obex)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btdriver.dll -- (Wtcls2k)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (WscNetDr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeantispyware.dll -- (wpsdrvnt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCDCODEC.dll -- (WINIO)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVTCP.dll -- (windrvNT)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfnds.dll -- (win32sl)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scarddrv.dll -- (WIBUKEY)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125mgmt.dll -- (websenseuserservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservaz.dll -- (websensepolicyserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SunkFilt.dll -- (w800bus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxupnprenderer.dll -- (W700mdfl)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wkscfgsrv.dll -- (w39n51)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EpmShd.dll -- (vpctcom)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\basic2.dll -- (vpcbus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dktknsrv.dll -- (vncmirror)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w3svc.dll -- (vmnetdhcp)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNCPKT.dll -- (VirtualFD)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (viaudio)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntiopnp.dll -- (vetfddnt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caccprovsp.dll -- (VAIOMediaPlatform-PhotoServer-HTTP)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hsvcmod.dll -- (v2imount)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hclinetd.dll -- (usnsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550bus.dll -- (USBDeviceService)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TPwSav.dll -- (us30service)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vxd.dll -- (upperdev)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvport.dll -- (U81xbus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WNIPROT5.dll -- (U2SP)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmbatt.dll -- (tunnelguardservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\L8042Kbd.dll -- (tosrfec)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\modem.dll -- (tfsndrct)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VRADFIL.dll -- (TestHandler)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217unic.dll -- (symsecureport)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isdrv120.dll -- (SWUMX20)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (SWMX00) BLKWGU(Belkin)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vstor2.dll -- (stylexphelper)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\portio.dll -- (sstpsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\egathdrv.dll -- (ssoftservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcomlaunch.dll -- (SrvcEKIOMngr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cercsr6.dll -- (SprintRcAppSvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btkrnl.dll -- (speedfan)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emitray.dll -- (spbbcsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\senfilt.dll -- (softfax)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iolodmv.dll -- (smrt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siswlsvc.dll -- (siside)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_tdi_f.dll -- (shdserv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Invoker.dll -- (sglfb)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aksfridge.dll -- (SetupNT)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GoogleDesktopManager-010708-104812.dll -- (se58mdm)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecnamingservice.dll -- (SE2Cmgmt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCM43XV.dll -- (SE27bus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctdvda2k.dll -- (sdbus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aolservice.dll -- (sbhooksvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p17.dll -- (sansaservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bmdfl.dll -- (s616obex)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\addfiltr.dll -- (S3GIGP)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iviregmgr.dll -- (s125mdm)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lcs.dll -- (s116unic)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pserve.dll -- (s116obex)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prfldsvc.dll -- (s116bus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WGX.dll -- (rxmssync)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\termservice.dll -- (RTSTOR)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxwatch9.dll -- (RTL8169)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (rt73)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\maya70docserver.dll -- (RSAFAL)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (roxliveshare9)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\anio.dll -- (ROOTUSB)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAM1210.dll -- (rampartsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JavaQuickStarterService.dll -- (racsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (qserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raidmsvr.dll -- (qfcoresvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndproxy.dll -- (purendis)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthusb.dll -- (PTDCBus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxbt_device.dll -- (psasrv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rsvchost.dll -- (ProcObsrv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HPFECP20.dll -- (pfmodnt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WaveFDE.dll -- (pdlnecfg)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\soma.dll -- (pcctlcom)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mail2ec.dll -- (parallel)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acmservice.dll -- (owstimer)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdengine.dll -- (oracleorahometnslistener)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fallback.dll -- (OracleOraHome92ClientCache)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdfl.dll -- (oracleorahome90agent)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonytvc.dll -- (oraclemtsrecoveryservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w29n51.dll -- (ohci1394)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcSSIOMngr.dll -- (ofcpfwsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (NWHOST)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\shdserv.dll -- (NVR0FLASHDev)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\crcdisk.dll -- (nvata)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll -- (NuidFltr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stcagent.dll -- (NSSvcMgr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USIUDF.dll -- (nnsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp0.dll -- (NMSSvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdm.dll -- (NMSAccessU)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcdonner.dll -- (NeroMediaHomeService.4)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hcwPVRP2.dll -- (Ndisipo)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58bus.dll -- (mxserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecpmcommunicationagent.dll -- (mvwebserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igniteservice.exe.dll -- (mssqlserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pktfilter.dll -- (mssql$sony_mediamgr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s116unic.dll -- (mscsptisrv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DSXUSB.dll -- (mhn)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sandradatasrv.dll -- (lwwlicenseservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iwebcal.dll -- (lvselsus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EUSBMSD.dll -- (ltck000c)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTHDMIAzAudService.dll -- (lockmgr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dtscsi.dll -- (LMouKE)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\i81x.dll -- (lmimaint)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MKEMUSB.dll -- (lhidusb)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassPeriodicUpdateService.dll -- (l8042pr2)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndiscm.dll -- (JGOGO)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCASp50.dll -- (issuser)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\quickhealfirewall.dll -- (irmon)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (IPSECSHM)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spcsutilityservice.dll -- (iksysflt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\knobserv.dll -- (ikfileflt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\advservice.dll -- (iftpsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cachemgr.dll -- (idechndr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ptilink.dll -- (ICM10USB)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se27unic.dll -- (icm10blk)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ma_cmidi_installerservice.dll -- (ibmpmdrv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USR1806V.dll -- (iaimfp2)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mmc_2K.dll -- (iaimfp1)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\yukonwxp.dll -- (iaantmon)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavsrv.dll -- (HPFECP20)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7alrt.dll -- (hpdskflt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (HFACSVC)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (fshttps)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pccsmcfd.dll -- (Freedom)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfman.dll -- (filechecker)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032U.dll -- (fgdxbus)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atfsd.dll -- (fasttrackinstallerservice)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RIOUNIV.dll -- (EU3_USB)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\incdfs.dll -- (ET5Drv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WMIService.dll -- (elotouchscreen)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cm102u32.dll -- (eloggersvc6)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\radclock.dll -- (ELmou)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvserver.dll -- (egathdrv)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_flpy.dll -- (edspport)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RivaTuner32.dll -- (dwmrcs)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emclisrv.dll -- (dnserver32)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvupdtio.dll -- (DMUSBUSBDCam)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Alpham1.dll -- (dlaudfam)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\apfiltrservice.dll -- (diskeeper)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\orbmediaservice.dll -- (dirms_defragmentation)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\superproserver.dll -- (defwatch)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\int15.sys.dll -- (dcstor32)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvraid.dll -- (dcpflics)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pctspk.dll -- (DCamUSBSQTECH)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\napagent.dll -- (DCamUSBMke2)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WavxDMgr.dll -- (DCamUSBGrandTek)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ghostsec.dll -- (cwafadmincontroller)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bt3cusb.dll -- (cvslock)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleformsserver-forms60server-oraform.dll -- (CTSBLFX.DLL)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotdriver.dll -- (ctljystk)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLAgent$LG_LP2.dll -- (crauto)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sbpci.dll -- (cqmghost)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcdbus.dll -- (cpucoolserver)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TNaviSrv.dll -- (cpqdmi)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tangoservice.dll -- (cpqdfw)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psasrv.dll -- (cpqarry2)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpf4.dll -- (comhost)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ser2plms.dll -- (CnxTrUsb)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswlsvc.dll -- (ccflic0)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (Cam5603D)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCMTPM.dll -- (Cam5603C)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (cachemgr)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fix.dll -- (BUFADPT)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LVCap138.dll -- (btnetfilter)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcmsvc.dll -- (besclient)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\A88xXBar.dll -- (bdfdll)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enum1394.dll -- (awecho)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsmapip.dll -- (AVRec)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CiscoVpnInstallService.dll -- (autostore)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KS0108.dll -- (ATKFUSService)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pchost.dll -- (atitool)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmmbd.dll -- (ati)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASMMAP.dll -- (AR5416)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfng32.dll -- (Angel2)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmuda.dll -- (amusbprt)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W55U01.dll -- (AlteraByteBlaster)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxdmCATSCustConnectService.dll -- (ALABULK)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvspydr2.dll -- (aksusb)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcj_device.dll -- (Afc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip.dll -- (adpu320)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iaimfp2.dll -- (acrsch2svc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndistapi.dll -- ({6080a529-897e-4629-a488-aba0c29b635e}):reg[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\ 76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\ 65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\ 00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\ 62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\ 49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\ 57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\ 6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\ 61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\ 52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\ 75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\ 63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\ 68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\ 56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\ 73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\ 6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\ 57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00:commands[reboot] Please close all other programs now.Then click the Run Fix button at the top.OTL may ask to reboot the machine. Please do so if asked.If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.Please post the log in your next reply.Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.Disable your AntiVirus and AntiSpyware applications.Double click on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review. Link to post Share on other sites More sharing options...
Teed55 Posted April 12, 2012 Author ID:541949 Share Posted April 12, 2012 I got the OTL to run, but had problems with Combofix. When I tried to use Combofix it locked up the computer and I had to reboot. I tried to use it a second time and this time it is stuck on the blue text box and says: Combofix preparing to run... Attempting to create a new System Restore point. And it is stuck at this point. I'm not sure what to do now.... Would it be ok to turn it off or reboot the computer? (Having to type this out from my laptop since the desktop comp is locked up.) Link to post Share on other sites More sharing options...
Teed55 Posted April 12, 2012 Author ID:542041 Share Posted April 12, 2012 Be prepared for a lot of work to remove it. Our desktop was completely rebuilt this past fall and we spent a lot of $$$ on it. And even with Malwarebytes, McAfee & PCdoctor.. we still got that virus. Link to post Share on other sites More sharing options...
Teed55 Posted April 12, 2012 Author ID:542047 Share Posted April 12, 2012 Daniel, here is the OTL log:========== OTL ==========Service ziptoa stopped successfully!Service ziptoa deleted successfully!File %systemroot%\system32\NVENET.dll not found.Service zebrceb stopped successfully!Service zebrceb deleted successfully!File %systemroot%\system32\spmd.dll not found.Service z525obex stopped successfully!Service z525obex deleted successfully!File %systemroot%\system32\navapel.dll not found.Service Wtcls2k stopped successfully!Service Wtcls2k deleted successfully!File %systemroot%\system32\btdriver.dll not found.Service WscNetDr stopped successfully!Service WscNetDr deleted successfully!File %systemroot%\system32\winpower.dll not found.Service wpsdrvnt stopped successfully!Service wpsdrvnt deleted successfully!File %systemroot%\system32\mcafeeantispyware.dll not found.Service WINIO stopped successfully!Service WINIO deleted successfully!File %systemroot%\system32\PCDCODEC.dll not found.Service windrvNT stopped successfully!Service windrvNT deleted successfully!File %systemroot%\system32\NVTCP.dll not found.Service win32sl stopped successfully!Service win32sl deleted successfully!File %systemroot%\system32\tosrfnds.dll not found.Service WIBUKEY stopped successfully!Service WIBUKEY deleted successfully!File %systemroot%\system32\scarddrv.dll not found.Service websenseuserservice stopped successfully!Service websenseuserservice deleted successfully!File %systemroot%\system32\s125mgmt.dll not found.Service websensepolicyserver stopped successfully!Service websensepolicyserver deleted successfully!File %systemroot%\system32\smservaz.dll not found.Service w800bus stopped successfully!Service w800bus deleted successfully!File %systemroot%\system32\SunkFilt.dll not found.Service W700mdfl stopped successfully!Service W700mdfl deleted successfully!File %systemroot%\system32\roxupnprenderer.dll not found.Service w39n51 stopped successfully!Service w39n51 deleted successfully!File %systemroot%\system32\wkscfgsrv.dll not found.Service vpctcom stopped successfully!Service vpctcom deleted successfully!File %systemroot%\system32\EpmShd.dll not found.Service vpcbus stopped successfully!Service vpcbus deleted successfully!File %systemroot%\system32\basic2.dll not found.Service vncmirror stopped successfully!Service vncmirror deleted successfully!File %systemroot%\system32\dktknsrv.dll not found.Service vmnetdhcp stopped successfully!Service vmnetdhcp deleted successfully!File %systemroot%\system32\w3svc.dll not found.Service VirtualFD stopped successfully!Service VirtualFD deleted successfully!File %systemroot%\system32\WNCPKT.dll not found.Service viaudio stopped successfully!Service viaudio deleted successfully!File %systemroot%\system32\carboniteservice.dll not found.Service vetfddnt stopped successfully!Service vetfddnt deleted successfully!File %systemroot%\system32\ntiopnp.dll not found.Service VAIOMediaPlatform-PhotoServer-HTTP stopped successfully!Service VAIOMediaPlatform-PhotoServer-HTTP deleted successfully!File %systemroot%\system32\caccprovsp.dll not found.Service v2imount stopped successfully!Service v2imount deleted successfully!File %systemroot%\system32\hsvcmod.dll not found.Service usnsvc stopped successfully!Service usnsvc deleted successfully!File %systemroot%\system32\hclinetd.dll not found.Service USBDeviceService stopped successfully!Service USBDeviceService deleted successfully!File %systemroot%\system32\w550bus.dll not found.Service us30service stopped successfully!Service us30service deleted successfully!File %systemroot%\system32\TPwSav.dll not found.Service upperdev stopped successfully!Service upperdev deleted successfully!File %systemroot%\system32\vxd.dll not found.Service U81xbus stopped successfully!Service U81xbus deleted successfully!File %systemroot%\system32\nvport.dll not found.Service U2SP stopped successfully!Service U2SP deleted successfully!File %systemroot%\system32\WNIPROT5.dll not found.Service tunnelguardservice stopped successfully!Service tunnelguardservice deleted successfully!File %systemroot%\system32\cmbatt.dll not found.Service tosrfec stopped successfully!Service tosrfec deleted successfully!File %systemroot%\system32\L8042Kbd.dll not found.Service tfsndrct stopped successfully!Service tfsndrct deleted successfully!File %systemroot%\system32\modem.dll not found.Service TestHandler stopped successfully!Service TestHandler deleted successfully!File %systemroot%\system32\VRADFIL.dll not found.Service symsecureport stopped successfully!Service symsecureport deleted successfully!File %systemroot%\system32\s217unic.dll not found.Service SWUMX20 stopped successfully!Service SWUMX20 deleted successfully!File %systemroot%\system32\isdrv120.dll not found.Error: No service named SWMX00) BLKWGU(Belkin was found to stop!Service\Driver key SWMX00) BLKWGU(Belkin not found.File %systemroot%\system32\nmwcdc.dll not found.Service stylexphelper stopped successfully!Service stylexphelper deleted successfully!File %systemroot%\system32\vstor2.dll not found.Service sstpsvc stopped successfully!Service sstpsvc deleted successfully!File %systemroot%\system32\portio.dll not found.Service ssoftservice stopped successfully!Service ssoftservice deleted successfully!File %systemroot%\system32\egathdrv.dll not found.Service SrvcEKIOMngr stopped successfully!Service SrvcEKIOMngr deleted successfully!File %systemroot%\system32\dcomlaunch.dll not found.Service SprintRcAppSvc stopped successfully!Service SprintRcAppSvc deleted successfully!File %systemroot%\system32\cercsr6.dll not found.Service speedfan stopped successfully!Service speedfan deleted successfully!File %systemroot%\system32\btkrnl.dll not found.Service spbbcsvc stopped successfully!Service spbbcsvc deleted successfully!File %systemroot%\system32\emitray.dll not found.Service softfax stopped successfully!Service softfax deleted successfully!File %systemroot%\system32\senfilt.dll not found.Service smrt stopped successfully!Service smrt deleted successfully!File %systemroot%\system32\iolodmv.dll not found.Service siside stopped successfully!Service siside deleted successfully!File %systemroot%\system32\siswlsvc.dll not found.Service shdserv stopped successfully!Service shdserv deleted successfully!File %systemroot%\system32\bc_tdi_f.dll not found.Service sglfb stopped successfully!Service sglfb deleted successfully!File %systemroot%\system32\Invoker.dll not found.Service SetupNT stopped successfully!Service SetupNT deleted successfully!File %systemroot%\system32\aksfridge.dll not found.Service se58mdm stopped successfully!Service se58mdm deleted successfully!File %systemroot%\system32\GoogleDesktopManager-010708-104812.dll not found.Service SE2Cmgmt stopped successfully!Service SE2Cmgmt deleted successfully!File %systemroot%\system32\backupexecnamingservice.dll not found.Service SE27bus stopped successfully!Service SE27bus deleted successfully!File %systemroot%\system32\BCM43XV.dll not found.Service sdbus stopped successfully!Service sdbus deleted successfully!File %systemroot%\system32\ctdvda2k.dll not found.Service sbhooksvc stopped successfully!Service sbhooksvc deleted successfully!File %systemroot%\system32\aolservice.dll not found.Service sansaservice stopped successfully!Service sansaservice deleted successfully!File %systemroot%\system32\p17.dll not found.Service s616obex stopped successfully!Service s616obex deleted successfully!File %systemroot%\system32\SE2Bmdfl.dll not found.Service S3GIGP stopped successfully!Service S3GIGP deleted successfully!File %systemroot%\system32\addfiltr.dll not found.Service s125mdm stopped successfully!Service s125mdm deleted successfully!File %systemroot%\system32\iviregmgr.dll not found.Service s116unic stopped successfully!Service s116unic deleted successfully!File %systemroot%\system32\lcs.dll not found.Service s116obex stopped successfully!Service s116obex deleted successfully!File %systemroot%\system32\pserve.dll not found.Service s116bus stopped successfully!Service s116bus deleted successfully!File %systemroot%\system32\prfldsvc.dll not found.Service rxmssync stopped successfully!Service rxmssync deleted successfully!File %systemroot%\system32\WGX.dll not found.Service RTSTOR stopped successfully!Service RTSTOR deleted successfully!File %systemroot%\system32\termservice.dll not found.Service RTL8169 stopped successfully!Service RTL8169 deleted successfully!File %systemroot%\system32\roxwatch9.dll not found.Service rt73 stopped successfully!Service rt73 deleted successfully!File %systemroot%\system32\WD_FireWire_HID.dll not found.Service RSAFAL stopped successfully!Service RSAFAL deleted successfully!File %systemroot%\system32\maya70docserver.dll not found.Service roxliveshare9 stopped successfully!Service roxliveshare9 deleted successfully!File %systemroot%\system32\tvs.dll not found.Service ROOTUSB stopped successfully!Service ROOTUSB deleted successfully!File %systemroot%\system32\anio.dll not found.Service rampartsvc stopped successfully!Service rampartsvc deleted successfully!File %systemroot%\system32\CAM1210.dll not found.Service racsvc stopped successfully!Service racsvc deleted successfully!File %systemroot%\system32\JavaQuickStarterService.dll not found.Service qserver stopped successfully!Service qserver deleted successfully!File %systemroot%\system32\dlacdbhm.dll not found.Service qfcoresvc stopped successfully!Service qfcoresvc deleted successfully!File %systemroot%\system32\raidmsvr.dll not found.Service purendis stopped successfully!Service purendis deleted successfully!File %systemroot%\system32\ndproxy.dll not found.Service PTDCBus stopped successfully!Service PTDCBus deleted successfully!File %systemroot%\system32\bthusb.dll not found.Service psasrv stopped successfully!Service psasrv deleted successfully!File %systemroot%\system32\lxbt_device.dll not found.Service ProcObsrv stopped successfully!Service ProcObsrv deleted successfully!File %systemroot%\system32\rsvchost.dll not found.Service pfmodnt stopped successfully!Service pfmodnt deleted successfully!File %systemroot%\system32\HPFECP20.dll not found.Service pdlnecfg stopped successfully!Service pdlnecfg deleted successfully!File %systemroot%\system32\WaveFDE.dll not found.Service pcctlcom stopped successfully!Service pcctlcom deleted successfully!File %systemroot%\system32\soma.dll not found.Service parallel stopped successfully!Service parallel deleted successfully!File %systemroot%\system32\mail2ec.dll not found.Service owstimer stopped successfully!Service owstimer deleted successfully!File %systemroot%\system32\acmservice.dll not found.Service oracleorahometnslistener stopped successfully!Service oracleorahometnslistener deleted successfully!File %systemroot%\system32\pdengine.dll not found.Service OracleOraHome92ClientCache stopped successfully!Service OracleOraHome92ClientCache deleted successfully!File %systemroot%\system32\fallback.dll not found.Service oracleorahome90agent stopped successfully!Service oracleorahome90agent deleted successfully!File %systemroot%\system32\SE2Cmdfl.dll not found.Service oraclemtsrecoveryservice stopped successfully!Service oraclemtsrecoveryservice deleted successfully!File %systemroot%\system32\sonytvc.dll not found.Service ohci1394 stopped successfully!Service ohci1394 deleted successfully!File %systemroot%\system32\w29n51.dll not found.Service ofcpfwsvc stopped successfully!Service ofcpfwsvc deleted successfully!File %systemroot%\system32\SrvcSSIOMngr.dll not found.Service NWHOST stopped successfully!Service NWHOST deleted successfully!File %systemroot%\system32\zpjava.dll not found.Service NVR0FLASHDev stopped successfully!Service NVR0FLASHDev deleted successfully!File %systemroot%\system32\shdserv.dll not found.Service nvata stopped successfully!Service nvata deleted successfully!File %systemroot%\system32\crcdisk.dll not found.Service NuidFltr stopped successfully!Service NuidFltr deleted successfully!File %systemroot%\system32\vaiomediaplatform-musicserver-appserver.dll not found.Service NSSvcMgr stopped successfully!Service NSSvcMgr deleted successfully!File %systemroot%\system32\stcagent.dll not found.Service nnsvc stopped successfully!Service nnsvc deleted successfully!File %systemroot%\system32\USIUDF.dll not found.Service NMSSvc stopped successfully!Service NMSSvc deleted successfully!File %systemroot%\system32\iaimfp0.dll not found.Service NMSAccessU stopped successfully!Service NMSAccessU deleted successfully!File %systemroot%\system32\SE2Cmdm.dll not found.Service NeroMediaHomeService.4 stopped successfully!Service NeroMediaHomeService.4 deleted successfully!File %systemroot%\system32\qcdonner.dll not found.Service Ndisipo stopped successfully!Service Ndisipo deleted successfully!File %systemroot%\system32\hcwPVRP2.dll not found.Service mxserver stopped successfully!Service mxserver deleted successfully!File %systemroot%\system32\se58bus.dll not found.Service mvwebserver stopped successfully!Service mvwebserver deleted successfully!File %systemroot%\system32\websensecpmcommunicationagent.dll not found.Service mssqlserver stopped successfully!Service mssqlserver deleted successfully!File %systemroot%\system32\igniteservice.exe.dll not found.Service mssql$sony_mediamgr stopped successfully!Service mssql$sony_mediamgr deleted successfully!File %systemroot%\system32\pktfilter.dll not found.Service mscsptisrv stopped successfully!Service mscsptisrv deleted successfully!File %systemroot%\system32\s116unic.dll not found.Service mhn stopped successfully!Service mhn deleted successfully!File %systemroot%\system32\DSXUSB.dll not found.Service lwwlicenseservice stopped successfully!Service lwwlicenseservice deleted successfully!File %systemroot%\system32\sandradatasrv.dll not found.Service lvselsus stopped successfully!Service lvselsus deleted successfully!File %systemroot%\system32\iwebcal.dll not found.Service ltck000c stopped successfully!Service ltck000c deleted successfully!File %systemroot%\system32\EUSBMSD.dll not found.Service lockmgr stopped successfully!Service lockmgr deleted successfully!File %systemroot%\system32\RTHDMIAzAudService.dll not found.Service LMouKE stopped successfully!Service LMouKE deleted successfully!File %systemroot%\system32\dtscsi.dll not found.Service lmimaint stopped successfully!Service lmimaint deleted successfully!File %systemroot%\system32\i81x.dll not found.Service lhidusb stopped successfully!Service lhidusb deleted successfully!File %systemroot%\system32\MKEMUSB.dll not found.Service l8042pr2 stopped successfully!Service l8042pr2 deleted successfully!File %systemroot%\system32\iPassPeriodicUpdateService.dll not found.Service JGOGO stopped successfully!Service JGOGO deleted successfully!File %systemroot%\system32\ndiscm.dll not found.Service issuser stopped successfully!Service issuser deleted successfully!File %systemroot%\system32\PCASp50.dll not found.Service irmon stopped successfully!Service irmon deleted successfully!File %systemroot%\system32\quickhealfirewall.dll not found.Service IPSECSHM stopped successfully!Service IPSECSHM deleted successfully!File %systemroot%\system32\backupexecjobengine.dll not found.Service iksysflt stopped successfully!Service iksysflt deleted successfully!File %systemroot%\system32\spcsutilityservice.dll not found.Service ikfileflt stopped successfully!Service ikfileflt deleted successfully!File %systemroot%\system32\knobserv.dll not found.Service iftpsvc stopped successfully!Service iftpsvc deleted successfully!File %systemroot%\system32\advservice.dll not found.Service idechndr stopped successfully!Service idechndr deleted successfully!File %systemroot%\system32\cachemgr.dll not found.Service ICM10USB stopped successfully!Service ICM10USB deleted successfully!File %systemroot%\system32\ptilink.dll not found.Service icm10blk stopped successfully!Service icm10blk deleted successfully!File %systemroot%\system32\se27unic.dll not found.Service ibmpmdrv stopped successfully!Service ibmpmdrv deleted successfully!File %systemroot%\system32\ma_cmidi_installerservice.dll not found.Service iaimfp2 stopped successfully!Service iaimfp2 deleted successfully!File %systemroot%\system32\USR1806V.dll not found.Service iaimfp1 stopped successfully!Service iaimfp1 deleted successfully!File %systemroot%\system32\mmc_2K.dll not found.Service iaantmon stopped successfully!Service iaantmon deleted successfully!File %systemroot%\system32\yukonwxp.dll not found.Service HPFECP20 stopped successfully!Service HPFECP20 deleted successfully!File %systemroot%\system32\pavsrv.dll not found.Service hpdskflt stopped successfully!Service hpdskflt deleted successfully!File %systemroot%\system32\avg7alrt.dll not found.Service HFACSVC stopped successfully!Service HFACSVC deleted successfully!File %systemroot%\system32\kpfwsvc.dll not found.Service fshttps stopped successfully!Service fshttps deleted successfully!File %systemroot%\system32\symc8xx.dll not found.Service Freedom stopped successfully!Service Freedom deleted successfully!File %systemroot%\system32\pccsmcfd.dll not found.Service filechecker stopped successfully!Service filechecker deleted successfully!File %systemroot%\system32\sfman.dll not found.Service fgdxbus stopped successfully!Service fgdxbus deleted successfully!File %systemroot%\system32\MA8032U.dll not found.Service fasttrackinstallerservice stopped successfully!Service fasttrackinstallerservice deleted successfully!File %systemroot%\system32\atfsd.dll not found.Service EU3_USB stopped successfully!Service EU3_USB deleted successfully!File %systemroot%\system32\RIOUNIV.dll not found.Service ET5Drv stopped successfully!Service ET5Drv deleted successfully!File %systemroot%\system32\incdfs.dll not found.Service elotouchscreen stopped successfully!Service elotouchscreen deleted successfully!File %systemroot%\system32\WMIService.dll not found.Service eloggersvc6 stopped successfully!Service eloggersvc6 deleted successfully!File %systemroot%\system32\cm102u32.dll not found.Service ELmou stopped successfully!Service ELmou deleted successfully!File %systemroot%\system32\radclock.dll not found.Service egathdrv stopped successfully!Service egathdrv deleted successfully!File %systemroot%\system32\mvserver.dll not found.Service edspport stopped successfully!Service edspport deleted successfully!File %systemroot%\system32\ino_flpy.dll not found.Service dwmrcs stopped successfully!Service dwmrcs deleted successfully!File %systemroot%\system32\RivaTuner32.dll not found.Service dnserver32 stopped successfully!Service dnserver32 deleted successfully!File %systemroot%\system32\emclisrv.dll not found.Service DMUSBUSBDCam stopped successfully!Service DMUSBUSBDCam deleted successfully!File %systemroot%\system32\lvupdtio.dll not found.Service dlaudfam stopped successfully!Service dlaudfam deleted successfully!File %systemroot%\system32\Alpham1.dll not found.Service diskeeper stopped successfully!Service diskeeper deleted successfully!File %systemroot%\system32\apfiltrservice.dll not found.Service dirms_defragmentation stopped successfully!Service dirms_defragmentation deleted successfully!File %systemroot%\system32\orbmediaservice.dll not found.Service defwatch stopped successfully!Service defwatch deleted successfully!File %systemroot%\system32\superproserver.dll not found.Service dcstor32 stopped successfully!Service dcstor32 deleted successfully!File %systemroot%\system32\int15.sys.dll not found.Service dcpflics stopped successfully!Service dcpflics deleted successfully!File %systemroot%\system32\nvraid.dll not found.Service DCamUSBSQTECH stopped successfully!Service DCamUSBSQTECH deleted successfully!File %systemroot%\system32\Pctspk.dll not found.Service DCamUSBMke2 stopped successfully!Service DCamUSBMke2 deleted successfully!File %systemroot%\system32\napagent.dll not found.Service DCamUSBGrandTek stopped successfully!Service DCamUSBGrandTek deleted successfully!File %systemroot%\system32\WavxDMgr.dll not found.Service cwafadmincontroller stopped successfully!Service cwafadmincontroller deleted successfully!File %systemroot%\system32\ghostsec.dll not found.Service cvslock stopped successfully!Service cvslock deleted successfully!File %systemroot%\system32\bt3cusb.dll not found.Service CTSBLFX.DLL stopped successfully!Service CTSBLFX.DLL deleted successfully!File %systemroot%\system32\oracleformsserver-forms60server-oraform.dll not found.Service ctljystk stopped successfully!Service ctljystk deleted successfully!File %systemroot%\system32\symantecantibotdriver.dll not found.Service crauto stopped successfully!Service crauto deleted successfully!File %systemroot%\system32\SQLAgent$LG_LP2.dll not found.Service cqmghost stopped successfully!Service cqmghost deleted successfully!File %systemroot%\system32\sbpci.dll not found.Service cpucoolserver stopped successfully!Service cpucoolserver deleted successfully!File %systemroot%\system32\mcdbus.dll not found.Service cpqdmi stopped successfully!Service cpqdmi deleted successfully!File %systemroot%\system32\TNaviSrv.dll not found.Service cpqdfw stopped successfully!Service cpqdfw deleted successfully!File %systemroot%\system32\tangoservice.dll not found.Service cpqarry2 stopped successfully!Service cpqarry2 deleted successfully!File %systemroot%\system32\psasrv.dll not found.Service comhost stopped successfully!Service comhost deleted successfully!File %systemroot%\system32\kpf4.dll not found.Service CnxTrUsb stopped successfully!Service CnxTrUsb deleted successfully!File %systemroot%\system32\ser2plms.dll not found.Service ccflic0 stopped successfully!Service ccflic0 deleted successfully!File %systemroot%\system32\aswlsvc.dll not found.Service Cam5603D stopped successfully!Service Cam5603D deleted successfully!File %systemroot%\system32\MA8032M.dll not found.Service Cam5603C stopped successfully!Service Cam5603C deleted successfully!File %systemroot%\system32\BCMTPM.dll not found.Service cachemgr stopped successfully!Service cachemgr deleted successfully!File %systemroot%\system32\trlokom_rmhsvc.dll not found.Service BUFADPT stopped successfully!Service BUFADPT deleted successfully!File %systemroot%\system32\fix.dll not found.Service btnetfilter stopped successfully!Service btnetfilter deleted successfully!File %systemroot%\system32\LVCap138.dll not found.Service besclient stopped successfully!Service besclient deleted successfully!File %systemroot%\system32\npkcmsvc.dll not found.Service bdfdll stopped successfully!Service bdfdll deleted successfully!File %systemroot%\system32\A88xXBar.dll not found.Service awecho stopped successfully!Service awecho deleted successfully!File %systemroot%\system32\enum1394.dll not found.Service AVRec stopped successfully!Service AVRec deleted successfully!File %systemroot%\system32\tsmapip.dll not found.Service autostore stopped successfully!Service autostore deleted successfully!File %systemroot%\system32\CiscoVpnInstallService.dll not found.Service ATKFUSService stopped successfully!Service ATKFUSService deleted successfully!File %systemroot%\system32\KS0108.dll not found.Service atitool stopped successfully!Service atitool deleted successfully!File %systemroot%\system32\pchost.dll not found.Service ati stopped successfully!Service ati deleted successfully!File %systemroot%\system32\tmmbd.dll not found.Service AR5416 stopped successfully!Service AR5416 deleted successfully!File %systemroot%\system32\ASMMAP.dll not found.Service Angel2 stopped successfully!Service Angel2 deleted successfully!File %systemroot%\system32\sfng32.dll not found.Service amusbprt stopped successfully!Service amusbprt deleted successfully!File %systemroot%\system32\cmuda.dll not found.Service AlteraByteBlaster stopped successfully!Service AlteraByteBlaster deleted successfully!File %systemroot%\system32\W55U01.dll not found.Service ALABULK stopped successfully!Service ALABULK deleted successfully!File %systemroot%\system32\lxdmCATSCustConnectService.dll not found.Service aksusb stopped successfully!Service aksusb deleted successfully!File %systemroot%\system32\cvspydr2.dll not found.Service Afc stopped successfully!Service Afc deleted successfully!File %systemroot%\system32\lxcj_device.dll not found.Service adpu320 stopped successfully!Service adpu320 deleted successfully!File %systemroot%\system32\tcpip.dll not found.Service acrsch2svc stopped successfully!Service acrsch2svc deleted successfully!File %systemroot%\system32\iaimfp2.dll not found.Service {6080a529-897e-4629-a488-aba0c29b635e} stopped successfully!Service {6080a529-897e-4629-a488-aba0c29b635e} deleted successfully!File %systemroot%\system32\ndistapi.dll not found.========== REGISTRY ==========HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\"netsvcs"|hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00 /E : value set successfully!========== COMMANDS ========== OTL by OldTimer - Version 3.2.39.2 log created on 04112012_172523__________________________________________________________But I was not able to run the Combofix.exe.... I'm not sure what went wrong with it. Link to post Share on other sites More sharing options...
Larusso Posted April 12, 2012 ID:542090 Share Posted April 12, 2012 Lets try a different way to run CF.Please press the + R Key and Copy/Paste the following single-line command into the Run box and click OKCombofix /nombrLet me know if it runs now Link to post Share on other sites More sharing options...
Teed55 Posted April 13, 2012 Author ID:542246 Share Posted April 13, 2012 Still didn't work. It will get to the part where the blue text box is up and will get stuck on "Attempting to create a System Restore point" and won't do anything else. Link to post Share on other sites More sharing options...
Larusso Posted April 13, 2012 ID:542249 Share Posted April 13, 2012 Please run OTL.exe. Under the box paste this innetsvcs/md5startipsec.sys/md5stopMake sure all other windows are closed to let it run uninterrupted. Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will create a logfile ( OTL.txt ). This is saved in the same location as OTL.Please post this in your next reply. Link to post Share on other sites More sharing options...
Teed55 Posted April 14, 2012 Author ID:542495 Share Posted April 14, 2012 OTL logfile created on: 4/13/2012 10:15:13 PM - Run 3OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\John & Wendy\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.49 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 67.94% Memory free5.33 Gb Paging File | 4.30 Gb Available in Paging File | 80.66% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 465.75 Gb Total Space | 436.71 Gb Free Space | 93.76% Space Free | Partition Type: NTFSComputer Name: DESKTOP-1 | User Name: John & Wendy | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exePRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2012/02/28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exePRC - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exePRC - [2012/02/24 10:36:06 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exePRC - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exePRC - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exePRC - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exePRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exePRC - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exePRC - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exePRC - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exePRC - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exePRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exePRC - [2010/03/25 12:02:16 | 000,611,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exePRC - [2010/01/21 17:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exePRC - [2010/01/21 17:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exePRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exePRC - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exePRC - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exePRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exePRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exePRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exePRC - [2009/06/03 17:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exePRC - [2009/06/03 17:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exePRC - [2008/04/13 20:12:36 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exePRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2005/07/08 00:55:02 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exePRC - [2005/07/08 00:55:00 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exePRC - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exePRC - [2003/12/05 16:41:44 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe========== Modules (No Company Name) ==========MOD - [2012/04/12 10:42:38 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dllMOD - [2012/04/11 20:02:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dllMOD - [2012/04/11 20:02:35 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dllMOD - [2012/04/11 20:02:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dllMOD - [2012/04/11 20:02:12 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dllMOD - [2012/04/11 20:01:00 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dllMOD - [2012/04/04 22:49:18 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dllMOD - [2012/04/04 22:36:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dllMOD - [2012/04/04 22:36:42 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dllMOD - [2012/04/04 22:35:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dllMOD - [2012/04/04 22:35:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dllMOD - [2012/04/04 22:35:28 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dllMOD - [2012/02/24 10:36:02 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dllMOD - [2012/02/24 10:35:44 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dllMOD - [2012/02/17 15:08:16 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools Security\BDT\BSPatch.dllMOD - [2011/10/16 15:49:04 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dllMOD - [2009/09/29 23:33:08 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dllMOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dllMOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dllMOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dllMOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dllMOD - [2008/04/13 20:12:36 | 000,050,688 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\smss.exeMOD - [2008/04/13 20:12:36 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exeMOD - [2008/04/13 20:12:36 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\icraplus.dllMOD - [2008/04/13 20:12:04 | 000,064,000 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\SAMLIB.dllMOD - [2008/04/13 20:12:02 | 000,118,784 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\NTMARTA.DLLMOD - [2008/04/13 13:39:24 | 002,897,920 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\xpsp2res.dll========== Win32 Services (SafeList) ==========SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (SWMX00) BLKWGU(Belkin)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nHancer.dll -- (snoopfree)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc810.dll -- (se58nd5)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wdmaud.dll -- (plsremotesvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\issuser.dll -- (pctavsvc)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmtdi.dll -- (dlartl_n)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwrdr.dll -- (DevUpper)SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (CX88AUD)SRV - File not found [Auto | Stopped] -- %systemroot%\system32\keymaestro.dll -- (blueletaudio)SRV - [2012/04/04 22:56:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)SRV - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)SRV - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)SRV - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)SRV - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)SRV - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)SRV - [2011/08/03 07:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)SRV - [2009/12/28 09:33:01 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)SRV - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®SRV - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)DRV - File not found [Kernel | System | Stopped] -- -- (Changer)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)DRV - [2012/02/24 10:37:08 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)DRV - [2012/02/24 10:31:08 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)DRV - [2012/02/24 09:16:10 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)DRV - [2012/02/24 09:16:10 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)DRV - [2012/02/24 09:16:10 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)DRV - [2011/10/15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)DRV - [2011/10/15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)DRV - [2011/10/15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)DRV - [2011/10/15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)DRV - [2011/10/15 14:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)DRV - [2011/10/15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)DRV - [2011/10/15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)DRV - [2011/10/15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)DRV - [2011/05/10 05:41:30 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)DRV - [2010/01/29 02:31:44 | 005,884,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2010/01/18 17:50:10 | 000,235,520 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®DRV - [2010/01/07 00:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)DRV - [2009/11/17 19:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)DRV - [2009/11/17 19:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®DRV - [2009/08/03 22:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)DRV - [2009/07/05 22:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)DRV - [2009/06/24 09:16:20 | 000,114,304 | R--- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)DRV - [2009/06/05 03:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)IE - HKCU\..\SearchScopes,DefaultScope = {F3DD5844-48DB-43B0-9600-5B21935B5A5A}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRCIE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GAM2&o=41647940&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=7K&apn_dtid=YYYYYYS8US&apn_uid=8398628C-7E90-4A02-8A79-C61CFCBFAE10&apn_sauid=9C1501A5-5410-45D4-BC67-E05BD61C464AIE - HKCU\..\SearchScopes\{F3DD5844-48DB-43B0-9600-5B21935B5A5A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1========== FireFox ==========FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/03/31 14:56:53 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/04/13 22:15:17 | 000,000,000 | ---D | M][2011/02/24 20:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John & Wendy\Application Data\Mozilla\ExtensionsHosts file not foundO2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111224173650.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)O4 - HKLM..\Run: [ApproveItForOfficeSetup] " /1 /P "C:\PROGRAM FILES\APPROVEIT\" File not foundO4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294364092906 (WUWebControl Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1599609C-7DBD-4A97-830C-5413467F8C76}: DhcpNameServer = 208.180.42.100 208.180.42.68 192.168.1.1O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2011/01/06 20:06:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*NetSvcs: 6to4 - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Irmon - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: mcusrmgr - File not foundNetSvcs: avcgbdr - File not foundNetSvcs: streamloadservice - File not foundNetSvcs: nvidesm - File not foundNetSvcs: QWAVEDRV - File not foundNetSvcs: WmdmPmSp - File not found========== Files/Folders - Created Within 30 Days ==========[2012/04/13 22:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee[2012/04/12 13:11:59 | 000,000,000 | --SD | C] -- C:\ComboFix[2012/04/12 13:07:52 | 004,460,173 | R--- | C] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe[2012/04/11 17:25:23 | 000,000,000 | ---D | C] -- C:\_OTL[2012/04/11 17:23:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER[2012/04/09 22:27:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe[2012/04/09 11:44:46 | 000,000,000 | RHSD | C] -- C:\cmdcons[2012/04/09 11:42:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2012/04/09 11:42:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2012/04/09 11:42:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2012/04/09 11:42:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2012/04/09 11:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2012/04/09 11:41:41 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/04/09 11:25:44 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys[2012/04/09 11:25:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2012/04/08 12:27:43 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe[2012/04/06 23:19:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John & Wendy\Start Menu\Programs\Administrative Tools[2012/04/06 13:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\LogMeIn Hamachi[2012/04/06 12:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi[2012/04/05 22:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi[2012/04/04 22:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John & Wendy\Local Settings\Application Data\PCHealth[2012/04/04 21:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth[2012/04/04 17:51:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell[2012/04/04 17:51:22 | 000,000,000 | ---D | C] -- C:\6802ba65daf0b3e792[2012/04/04 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com[2012/04/04 17:39:15 | 000,000,000 | ---D | C] -- C:\Firefox[2012/04/04 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java[2012/04/04 17:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask[2012/04/04 16:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Minecraft[2012/04/02 18:00:42 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys[2012/04/02 18:00:42 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys[2012/04/02 18:00:42 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys[2012/03/31 15:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp[2012/03/31 15:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google[2012/03/31 15:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google[2012/03/31 15:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome[2012/03/31 14:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google[2012/03/31 14:56:53 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys[2012/03/31 14:55:51 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys[2012/03/31 14:55:51 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys[2012/03/31 14:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/04/13 22:17:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\icraplus.dll[2012/04/13 22:14:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP[2012/04/13 22:12:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2012/04/13 22:11:39 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd[2012/04/13 22:11:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2012/04/13 22:11:26 | 000,754,927 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB[2012/04/12 13:07:52 | 004,460,173 | R--- | M] (Swearware) -- C:\Documents and Settings\John & Wendy\Desktop\ComboFix.exe[2012/04/12 12:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2012/04/12 12:45:04 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx[2012/04/12 10:46:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job[2012/04/12 10:14:10 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Microsoft Office Word 2007.lnk[2012/04/11 20:01:12 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2012/04/11 20:01:12 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2012/04/11 18:01:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\Google Chrome.lnk[2012/04/11 17:16:01 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk[2012/04/09 22:57:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk[2012/04/09 22:27:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John & Wendy\Desktop\OTL.exe[2012/04/09 11:44:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini[2012/04/09 11:25:44 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\67092840.sys[2012/04/09 11:22:48 | 002,052,384 | ---- | M] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip[2012/04/08 12:27:43 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.exe[2012/04/06 13:18:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak[2012/04/06 08:52:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk[2012/04/05 00:52:03 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2012/04/04 22:40:07 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2012/04/04 19:28:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2012/04/01 22:14:53 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk[2012/03/31 14:55:51 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ==========File not found -- C:\WINDOWS\System32\cwbrxd.dll[2012/04/11 18:01:37 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\Google Chrome.lnk[2012/04/09 22:23:11 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd[2012/04/09 12:04:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP[2012/04/09 11:44:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak[2012/04/09 11:44:49 | 000,260,272 | RHS- | C] () -- C:\cmldr[2012/04/09 11:42:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe[2012/04/09 11:42:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe[2012/04/09 11:42:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2012/04/09 11:42:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2012/04/09 11:42:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2012/04/09 11:22:47 | 002,052,384 | ---- | C] () -- C:\Documents and Settings\John & Wendy\Desktop\tdsskiller.zip[2012/04/04 22:56:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll[2012/04/04 19:50:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll[2012/04/04 19:28:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk[2012/04/04 19:28:30 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk[2012/04/02 18:31:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk[2012/03/31 15:00:12 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk[2012/03/31 14:55:51 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0349.old[2011/12/11 23:10:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll[2011/12/11 20:16:00 | 000,011,716 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\54e0w245m2huy6u70n6ac[2011/12/10 21:02:54 | 000,013,192 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\238265v6n322a423v050j2plu8g0[2011/08/20 10:13:21 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data[2011/08/20 09:53:15 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin[2011/08/20 09:53:13 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin[2011/08/20 09:53:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin[2011/08/11 12:57:45 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2011/05/11 17:52:26 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2011/01/09 16:32:24 | 000,000,281 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI[2011/01/09 15:40:35 | 000,019,752 | ---- | C] () -- C:\WINDOWS\HPHins02.dat[2011/01/09 15:40:35 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat[2011/01/09 15:40:25 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe[2011/01/09 15:40:17 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat[2011/01/07 15:21:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe[2011/01/06 23:30:53 | 000,870,560 | R--- | C] () -- C:\WINDOWS\System32\igkrng575.bin[2011/01/06 23:30:53 | 000,127,868 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin[2011/01/06 23:30:53 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll[2011/01/06 23:30:53 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config[2011/01/06 23:15:34 | 000,011,448 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys[2011/01/06 23:14:14 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll[2011/01/06 23:14:14 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys[2011/01/06 23:14:13 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys[2011/01/06 23:14:13 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys[2011/01/06 21:57:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat[2011/01/06 20:28:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll[2011/01/06 20:26:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys[2011/01/06 20:26:06 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini[2011/01/06 20:26:02 | 000,032,613 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini[2011/01/06 20:26:02 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS[2011/01/06 20:07:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2011/01/06 20:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat[2011/01/06 11:56:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2011/01/06 11:55:23 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010/07/31 10:47:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin========== LOP Check ==========[2012/04/04 17:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask[2011/02/09 21:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems[2012/04/06 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge[2011/12/11 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon[2011/01/09 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital[2011/12/20 11:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\PureEdge[2011/08/20 10:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\SPORE[2011/01/09 16:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John & Wendy\Application Data\Western Digital========== Purity Check ==================== Custom Scans ==========< MD5 for: IPSEC.SYS >[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ERDNT\cache\ipsec.sys[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys[2004/08/04 02:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys========== Alternate Data Streams ==========@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84< End of report >OTL log: Link to post Share on other sites More sharing options...
Larusso Posted April 14, 2012 ID:542705 Share Posted April 14, 2012 Hy thereHow is your system behaving now ? Link to post Share on other sites More sharing options...
Teed55 Posted April 25, 2012 Author ID:545817 Share Posted April 25, 2012 Sorry, things got very busy here. I'm not sure what happened or what I did...but now the computer won't access the internet. When I try to run the update (it is up to date) on Malwarebytes I get the PROGRAM_ERROR_UPDATING (0,0, Host not found). I'm using my laptop to post this, not sure what to do now on the desktop. Link to post Share on other sites More sharing options...
Recommended Posts