Solved ZeroAccess trojan messages from McAfee and web browser failures

[Resolved] ZeroAccess trojan messages from McAfee and web browser failures

This was originally posted erroneously in the "Operating Systems/Windows XP" section of the forum on 3/31/2012.

I am looking for assistance in removing malware that has infected my system. I am running Windows XP Home Edition Version 2002 SP3.

In the last week or two, I have noticed a bit of a drag on my system performance and my web browsers have occasionally been locking up (Mozilla Firefox) or closing by themselves (MS Internet Explorer). Yesterday I ran a full scan using McAfee, and the results showed that several viruses/Trojans were removed or quarantined. I also ran a full scan using Malwarebytes Ant-Malware. Malwarebytes did not find any problems.

After running those scans, a McAfee "Trojan Removed" notification message pops up several times an hour saying that "McAfee detected and automatically removed a Trojan from your PC. No further action is required." There is a 'More' link on these pop-up messages and when I click that, it always identifies the trojan name as "ZeroAccess ". The file referenced on the 'More' message identifying where the trojan was quarantined from is always in the C:\Windows\system32 folder, but the file name is different on each instance of the notification. Today, I ran a McAfee scan just on the C:\Windows\system32 folder and it did not identify any problems.

I addition to the recurring McAfee notification pop-ups, my web browsers are still periodically locking or automatically closing. Sometimes the entire laptop locks up and I have to reboot.

Any help that can be provided to troubleshoot and resolve these issues would be much appreciated.

Thanks.

On 4/1/12:
1. The Windows Firewall was turned on.

2. McAffee Securitycenter antivirus was updated and a full scan was completed.

3. Malwarebytes Anti-Malware was updated and a quick scan was completed.

Here is the first part of the gmer.log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-01 13:34:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721010G9SA00 rev.MCZOC10H
Running: v6oy65d6.exe; Driver: C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp\pxldqpob.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9ED04D6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9ED0502]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9ED0558]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9ED04AC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9ED0484]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9ED0498]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9ED04EC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9ED052E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9ED0582]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9ED056E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9ED0542]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9ED0546 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B9ED055C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B9ED0572 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 1 Byte [E9]
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B9ED0532 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9ED0488 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9ED049C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B9ED0586 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9ED04F0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B9ED04DA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B9ED0506 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9ED04B0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text netbt.sys!?CancelTimeNew@@IJGI@X B0898000 186 Bytes [89, 01, 81, 7D, 10, 16, 00, ...]
.text netbt.sys!?MediaTypeA@@IJPAXPAJG@X + 9E B08980BC 31 Bytes [F6, 40, 07, 10, 0F, 84, 29, ...]
.text netbt.sys!?MediaTypeA@@IJPAXPAJG@X + BE B08980DC 22 Bytes [41, FC, 8B, 76, 60, 8B, 43, ...]
.text netbt.sys!?MediaTypeA@@IJPAXPAJG@X + D5 B08980F3 109 Bytes [46, 1C, 5E, 7F, 89, B0, 89, ...]
.text netbt.sys!?MediaTypeA@@IJPAXPAJG@X + 143 B0898161 42 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text netbt.sys!?MediaTypeA@@IJPAXPAJG@X + 16E B089818C 1 Byte [D1]
.text ...
? C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[304] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AB000A
.text C:\WINDOWS\system32\svchost.exe[304] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AB0FD4
.text C:\WINDOWS\system32\svchost.exe[304] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AA0056
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AA0F57
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AA002F
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AA0F72
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AA0F9E
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AA0F15
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AA0067
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AA0EE9
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AA0082
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AA00A7
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AA0F8D
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AA0FD4
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AA0F3C
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AA0FB9
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\svchost.exe[304] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AA0F04
.text C:\WINDOWS\system32\svchost.exe[304] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B00025
.text C:\WINDOWS\system32\svchost.exe[304] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B00F9E
.text C:\WINDOWS\system32\svchost.exe[304] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B00FD4
.text C:\WINDOWS\system32\svchost.exe[304] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[304] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B00051
.text C:\WINDOWS\system32\svchost.exe[304] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[304] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B00FAF
.text C:\WINDOWS\system32\svchost.exe[304] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D0, 88]
.text C:\WINDOWS\system32\svchost.exe[304] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B00040
.text C:\WINDOWS\system32\svchost.exe[304] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AF0F75
.text C:\WINDOWS\system32\svchost.exe[304] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AF0F90
.text C:\WINDOWS\system32\svchost.exe[304] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\svchost.exe[304] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[304] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AF0FB5
.text C:\WINDOWS\system32\svchost.exe[304] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AF0FC6
.text C:\WINDOWS\system32\svchost.exe[304] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[304] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[304] WININET.dll!InternetOpenW 3D9536B9 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[304] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 00AC0FCA
.text C:\WINDOWS\system32\svchost.exe[304] WININET.dll!InternetOpenUrlW 3D998529 5 Bytes JMP 00AC0FB9
.text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01150FEF
.text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01150FD4
.text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0115000A
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0114000A
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01140F66
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0114005B
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0114004A
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01140F8D
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01140FB9
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01140078
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01140F30
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011400AE
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01140093
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01140EFA
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01140F9E
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0114001B
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01140F4B
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01140FDE
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01140FEF
.text C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01140F15
.text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01350FDE
.text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01350F97
.text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01350FEF
.text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0135001B
.text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01350FB2
.text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0135000A
.text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01350FC3
.text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 89]
.text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0135004A
.text C:\WINDOWS\system32\svchost.exe[352] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01340FB5
.text C:\WINDOWS\system32\svchost.exe[352] msvcrt.dll!system 77C293C7 5 Bytes JMP 01340FC6
.text C:\WINDOWS\system32\svchost.exe[352] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0134001B
.text C:\WINDOWS\system32\svchost.exe[352] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01340FEF
.text C:\WINDOWS\system32\svchost.exe[352] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0134002C
.text C:\WINDOWS\system32\svchost.exe[352] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01340000
.text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01170000
.text C:\WINDOWS\system32\svchost.exe[352] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 01160FE5
.text C:\WINDOWS\system32\svchost.exe[352] WININET.dll!InternetOpenW 3D9536B9 5 Bytes JMP 01160FD4
.text C:\WINDOWS\system32\svchost.exe[352] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 01160FC3
.text C:\WINDOWS\system32\svchost.exe[352] WININET.dll!InternetOpenUrlW 3D998529 5 Bytes JMP 01160FA8
.text C:\WINDOWS\System32\svchost.exe[552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00710000
.text C:\WINDOWS\System32\svchost.exe[552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00710036
.text C:\WINDOWS\System32\svchost.exe[552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0071001B
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00700F5F
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0070004A
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700F70
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700039
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00700FA8
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00700F18
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00700F29
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0070008C
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00700EF3
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00700ED8
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00700F97
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00700F44
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00700FB9
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[552] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0070007B
.text C:\WINDOWS\System32\svchost.exe[552] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0040
.text C:\WINDOWS\System32\svchost.exe[552] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F0F83
.text C:\WINDOWS\System32\svchost.exe[552] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\System32\svchost.exe[552] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F001B
.text C:\WINDOWS\System32\svchost.exe[552] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006F0FA8
.text C:\WINDOWS\System32\svchost.exe[552] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006F0000
.text C:\WINDOWS\System32\svchost.exe[552] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006F0FB9
.text C:\WINDOWS\System32\svchost.exe[552] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8F, 88]
.text C:\WINDOWS\System32\svchost.exe[552] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006F0FCA
.text C:\WINDOWS\System32\svchost.exe[552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E005D
.text C:\WINDOWS\System32\svchost.exe[552] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E0FC8
.text C:\WINDOWS\System32\svchost.exe[552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0027
.text C:\WINDOWS\System32\svchost.exe[552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0FE3
.text C:\WINDOWS\System32\svchost.exe[552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E0038
.text C:\WINDOWS\System32\svchost.exe[552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E000C
.text C:\WINDOWS\System32\svchost.exe[552] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006D0000
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00920FDE
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00910F57
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0091004C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00910F72
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00910F83
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00910FAF
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00910F0E
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00910F1F
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00910096
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0091007B
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009100A7
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00910F9E
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910FCA
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00910F3C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0091001B
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00910EFD
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00900FBC
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00900054
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00900FCD
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00900FDE
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00900043
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00900032
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00900FAB
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A6004E
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A6003D
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A60FCD
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A60022
.text C:\WINDOWS\system32\svchost.exe[852] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A60011
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenW 3D9536B9 5 Bytes JMP 00930FDE
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 00930014
.text C:\WINDOWS\system32\svchost.exe[852] WININET.dll!InternetOpenUrlW 3D998529 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A5000A
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\program files\real\realplayer\update\realsched.exe[1520] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\system32\services.exe[1600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\services.exe[1600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00790FD4
.text C:\WINDOWS\system32\services.exe[1600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00790FE5
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00780081
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780070
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0078005F
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0078004E
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0078003D
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00780F54
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780F71
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007800DC
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007800CB
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00780101
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780FB6
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780011
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780092
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FD1
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0078002C
.text C:\WINDOWS\system32\services.exe[1600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00780F43
.text C:\WINDOWS\system32\services.exe[1600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0094001B
.text C:\WINDOWS\system32\services.exe[1600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00940F86
.text C:\WINDOWS\system32\services.exe[1600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00940FD4
.text C:\WINDOWS\system32\services.exe[1600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00940000
.text C:\WINDOWS\system32\services.exe[1600] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00940F97
.text C:\WINDOWS\system32\services.exe[1600] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\services.exe[1600] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00940FA8
.text C:\WINDOWS\system32\services.exe[1600] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B4, 88] {MOV AH, 0x88}
.text C:\WINDOWS\system32\services.exe[1600] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00940FB9
.text C:\WINDOWS\system32\services.exe[1600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007B0F86
.text C:\WINDOWS\system32\services.exe[1600] msvcrt.dll!system 77C293C7 5 Bytes JMP 007B0FA1
.text C:\WINDOWS\system32\services.exe[1600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\services.exe[1600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\services.exe[1600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007B0011
.text C:\WINDOWS\system32\services.exe[1600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007B0FC6
.text C:\WINDOWS\system32\services.exe[1600] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\lsass.exe[1640] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910000
.text C:\WINDOWS\system32\lsass.exe[1640] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
.text C:\WINDOWS\system32\lsass.exe[1640] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 00910FE5
.text C:\WINDOWS\system32\lsass.exe[1640] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\WINDOWS\system32\lsass.exe[1640] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091001B
.text C:\WINDOWS\system32\lsass.exe[1640] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00900F66
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0090005B
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00900040
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00900F83
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00900014
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00900F2E
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00900080
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00900F0C
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00900F1D
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009000C0
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00900025
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00900FDE
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00900F55
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00900FA8
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00900FB9
.text C:\WINDOWS\system32\lsass.exe[1640] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00900091
.text C:\WINDOWS\system32\lsass.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C30FC0
.text C:\WINDOWS\system32\lsass.exe[1640] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C30062
.text C:\WINDOWS\system32\lsass.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C30011
.text C:\WINDOWS\system32\lsass.exe[1640] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\lsass.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C3003D
.text C:\WINDOWS\system32\lsass.exe[1640] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\lsass.exe[1640] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C30F9B
.text C:\WINDOWS\system32\lsass.exe[1640] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E3, 88] {JECXZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\lsass.exe[1640] ADVAPI32.dll!RegCreateKeyA

 

Here is the more of the GMER log (part 2 of 3):

.text C:\WINDOWS\system32\lsass.exe[1640] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C30022
.text C:\WINDOWS\system32\lsass.exe[1640] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20F81
.text C:\WINDOWS\system32\lsass.exe[1640] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20016
.text C:\WINDOWS\system32\lsass.exe[1640] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FC1
.text C:\WINDOWS\system32\lsass.exe[1640] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20FE3
.text C:\WINDOWS\system32\lsass.exe[1640] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20FA6
.text C:\WINDOWS\system32\lsass.exe[1640] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C20FD2
.text C:\WINDOWS\system32\lsass.exe[1640] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\lsass.exe[1640] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\lsass.exe[1640] WININET.dll!InternetOpenW 3D9536B9 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\lsass.exe[1640] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 00920025
.text C:\WINDOWS\system32\lsass.exe[1640] WININET.dll!InternetOpenUrlW 3D998529 5 Bytes JMP 00920FD4
.text C:\WINDOWS\system32\svchost.exe[1812] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\svchost.exe[1812] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F20FCA
.text C:\WINDOWS\system32\svchost.exe[1812] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F2000A
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F10F5A
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F10F6B
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F10F7C
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F10F8D
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F10F9E
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F10F1D
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F10F38
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F100A5
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F1008A
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F10EE7
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F10025
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F10FDE
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F10F49
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F10FC3
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F10014
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F10F0C
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02430FD4
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0243005B
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0243001B
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0243000A
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02430F9E
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02430FE5
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02430FB9
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [63, 8A]
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02430040
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02420F95
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!system 77C293C7 5 Bytes JMP 02420FA6
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0242000C
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02420FEF
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02420FB7
.text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02420FD2
.text C:\WINDOWS\system32\svchost.exe[1812] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02410000
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C40025
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C30FAC
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C300A1
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30090
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C30FD1
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C3004E
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C300DE
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C300CD
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C30F74
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C3010D
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C3011E
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C30069
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C3001B
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C300BC
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C3003D
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C3002C
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C30F85
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E50FBC
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E50032
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E50FCD
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E50FDE
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E50F75
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E50F90
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [05, 89]
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E50FA1
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E40FB0
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E40FC1
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E40FD2
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E40031
.text C:\WINDOWS\system32\svchost.exe[1880] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E40FE3
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenW 3D9536B9 5 Bytes JMP 00C5000A
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 00C50FCA
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlW 3D998529 5 Bytes JMP 00C50FB9
.text C:\WINDOWS\System32\svchost.exe[1912] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02770000
.text C:\WINDOWS\System32\svchost.exe[1912] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02770FD4
.text C:\WINDOWS\System32\svchost.exe[1912] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02770FEF
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 021D0000
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 021D0F59
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 021D0F74
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 021D0058
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 021D0F9B
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 021D0FC0
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 021D0090
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 021D0F48
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 021D0F23
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 021D00C6
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 021D0F12
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 021D003D
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 021D0FE5
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 021D0069
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 021D0022
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 021D0011
.text C:\WINDOWS\System32\svchost.exe[1912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 021D00AB
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 018D0FC3
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 018D0F75
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 018D0014
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 018D0FD4
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 018D0F86
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 018D0FEF
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 018D0F97
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AD, 89]
.text C:\WINDOWS\System32\svchost.exe[1912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 018D0FB2
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 018C006E
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!system 77C293C7 5 Bytes JMP 018C0053
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 018C0027
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 018C0000
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 018C0038
.text C:\WINDOWS\System32\svchost.exe[1912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 018C0FE3
.text C:\WINDOWS\System32\svchost.exe[1912] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 018B0FEF
.text C:\WINDOWS\System32\svchost.exe[1912] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 00990000
.text C:\WINDOWS\System32\svchost.exe[1912] WININET.dll!InternetOpenW 3D9536B9 5 Bytes JMP 00990011
.text C:\WINDOWS\System32\svchost.exe[1912] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 00990FD1
.text C:\WINDOWS\System32\svchost.exe[1912] WININET.dll!InternetOpenUrlW 3D998529 5 Bytes JMP 00990022
.text C:\WINDOWS\System32\svchost.exe[2016] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00710FEF
.text C:\WINDOWS\System32\svchost.exe[2016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00710FD4
.text C:\WINDOWS\System32\svchost.exe[2016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0071000A
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00700F7E
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00700073
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700062
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700FAF
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00700040
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0070008E
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00700F46
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00700F1A
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007000A9
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007000C4
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00700051
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00700F63
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00700FDE
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0070002F
.text C:\WINDOWS\System32\svchost.exe[2016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00700F2B
.text C:\WINDOWS\System32\svchost.exe[2016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0047
.text C:\WINDOWS\System32\svchost.exe[2016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F0FAF
.text C:\WINDOWS\System32\svchost.exe[2016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F0036
.text C:\WINDOWS\System32\svchost.exe[2016] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F001B
.text C:\WINDOWS\System32\svchost.exe[2016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006F0FC0
.text C:\WINDOWS\System32\svchost.exe[2016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006F0000
.text C:\WINDOWS\System32\svchost.exe[2016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 006F0062
.text C:\WINDOWS\System32\svchost.exe[2016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006F0FDB
.text C:\WINDOWS\System32\svchost.exe[2016] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E004C
.text C:\WINDOWS\System32\svchost.exe[2016] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E0FC1
.text C:\WINDOWS\System32\svchost.exe[2016] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0027
.text C:\WINDOWS\System32\svchost.exe[2016] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0000
.text C:\WINDOWS\System32\svchost.exe[2016] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E0FD2
.text C:\WINDOWS\System32\svchost.exe[2016] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E0FE3
.text C:\WINDOWS\System32\svchost.exe[2016] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\svchost.exe[2100] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[2100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009D001B
.text C:\WINDOWS\system32\svchost.exe[2100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C008C
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C007B
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0054
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0043
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0FBC
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0F69
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C00B1
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C0102
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C00E7
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C0F4E
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C0FA1
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0FDE
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C0F86
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C001E
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C0FCD
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C00CC
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0047
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0073
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B002C
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0011
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0058
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0FB6
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 88]
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0FDB
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0031
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A0FA6
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0016
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FB7
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FDE
.text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F8000A
.text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F80FD4
.text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70054
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70F55
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F7002F
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70F72
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70F9E
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70080
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70F2E
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70EF1
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70F0C
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70EE0
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70F8D
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70065
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70FB9
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F7000A
.text C:\WINDOWS\System32\svchost.exe[2312] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70F1D
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60FCD
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F60F86
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FDE
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F6000A
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F60043
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F60F97
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [16, 89]
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60FB2
.text C:\WINDOWS\System32\svchost.exe[2312] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50053
.text C:\WINDOWS\System32\svchost.exe[2312] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50FC8
.text C:\WINDOWS\System32\svchost.exe[2312] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FE3
.text C:\WINDOWS\System32\svchost.exe[2312] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50000
.text C:\WINDOWS\System32\svchost.exe[2312] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50038
.text C:\WINDOWS\System32\svchost.exe[2312] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50011
.text C:\WINDOWS\System32\svchost.exe[2312] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F4000A
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00880FEF
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0088000A
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00880FD4
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00870000
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00870F79
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00870F94
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0087006C
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0087005B
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00870FCA
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00870F41
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00870089
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008700BF
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00870F26
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00870F0B
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00870FB9
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00870FE5
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00870F68
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00870036
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0087001B
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008700A4
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0086001B
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00860073
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00860FD4
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00860FEF
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00860058
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00860000
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00860047
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00860036
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00850055
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] msvcrt.dll!system 77C293C7 5 Bytes JMP 00850FCA
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00850029
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00850FEF
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0085003A
.text \\.\globalroot\SystemRoot\system32\svchost.exe[3972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00850018
.text C:\WINDOWS\Explorer.EXE[4048] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 03570FEF
.text C:\WINDOWS\Explorer.EXE[4048] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03570014
.text C:\WINDOWS\Explorer.EXE[4048] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03570FDE
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03560FE5
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03560F94
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03560FA5
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03560073
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03560062
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03560FCA
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03560F37
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03560F5E
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 035600A4
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03560F0B
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03560EF0
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03560047
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0356000A
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03560F6F
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03560036
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03560025
.text C:\WINDOWS\Explorer.EXE[4048] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03560F1C
.

 

Here is the last part of the GMER.log (part 3 of 3):

.text C:\WINDOWS\Explorer.EXE[4048] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03550047
.text C:\WINDOWS\Explorer.EXE[4048] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0355008E
.text C:\WINDOWS\Explorer.EXE[4048] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0355002C
.text C:\WINDOWS\Explorer.EXE[4048] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03550011
.text C:\WINDOWS\Explorer.EXE[4048] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03550073
.text C:\WINDOWS\Explorer.EXE[4048] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03550000
.text C:\WINDOWS\Explorer.EXE[4048] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03550FDB
.text C:\WINDOWS\Explorer.EXE[4048] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [75, 8B] {JNZ 0xffffffffffffff8d}
.text C:\WINDOWS\Explorer.EXE[4048] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03550062
.text C:\WINDOWS\Explorer.EXE[4048] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03540069
.text C:\WINDOWS\Explorer.EXE[4048] msvcrt.dll!system 77C293C7 5 Bytes JMP 03540058
.text C:\WINDOWS\Explorer.EXE[4048] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0354002C
.text C:\WINDOWS\Explorer.EXE[4048] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03540000
.text C:\WINDOWS\Explorer.EXE[4048] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0354003D
.text C:\WINDOWS\Explorer.EXE[4048] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03540011
.text C:\WINDOWS\Explorer.EXE[4048] WININET.dll!InternetOpenA 3D953089 5 Bytes JMP 024C0000
.text C:\WINDOWS\Explorer.EXE[4048] WININET.dll!InternetOpenW 3D9536B9 5 Bytes JMP 024C0025
.text C:\WINDOWS\Explorer.EXE[4048] WININET.dll!InternetOpenUrlA 3D956F62 5 Bytes JMP 024C0FE5
.text C:\WINDOWS\Explorer.EXE[4048] WININET.dll!InternetOpenUrlW 3D998529 5 Bytes JMP 024C0036
.text C:\WINDOWS\Explorer.EXE[4048] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 033A0FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1532] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040A4B0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1532] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01B92F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01B92C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01B92CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01B92CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01422F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01422C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01422CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01422CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat AC902D20
Device \FileSystem\Fastfat \Fat AC8FF7B4

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B097D000-B0998000 (110592 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 2880
Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 4884
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 5820

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 PE file @ sector 192410505

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB33595$\1586224560 0 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\cfg.ini 63 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\L 0 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\L\odetmngk 162816 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\oemid 187 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\U 0 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\80000032.@ 115200 bytes
File C:\WINDOWS\$NtUninstallKB33595$\1586224560\version 861 bytes
File C:\WINDOWS\$NtUninstallKB33595$\602179873 0 bytes

---- EOF - GMER 1.0.15 ----


Here is the aswMBR.txt file:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 13:46:55
-----------------------------
13:46:55.265 OS Version: Windows 5.1.2600 Service Pack 3
13:46:55.265 Number of processors: 2 586 0xE08
13:46:55.265 ComputerName: BRANDON UserName:
13:46:57.203 Initialize success
13:47:46.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:47:46.281 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 93958MB BusType: 3
13:47:46.328 Disk 0 MBR read successfully
13:47:46.328 Disk 0 MBR scan
13:47:46.328 Disk 0 unknown MBR code
13:47:46.359 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
13:47:46.406 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 68284 MB offset 96390
13:47:46.437 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 22042 MB offset 139958280
13:47:46.500 Disk 0 Partition 4 00 DB CP/M / CTOS MSWIN4.1 3569 MB offset 185100930
13:47:46.515 Disk 0 scanning sectors +192410505
13:47:46.593 Disk 0 PE file @ sector 192410505 !
13:47:46.750 Disk 0 scanning C:\WINDOWS\system32\drivers
13:48:30.109 File: C:\WINDOWS\system32\drivers\netbt.sys **SUSPICIOUS**
13:48:53.968 Disk 0 trace - called modules:
13:48:54.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x883acfd0]<<
13:48:54.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa1cab8]
13:48:54.000 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a688030]
13:48:54.000 \Driver\00001476[0x8a68c770] -> IRP_MJ_CREATE -> 0x883acfd0
13:48:54.015 Scan finished successfully
13:49:31.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Brandon McGahee\Desktop\MBR.dat "
13:49:31.156 The log file has been saved successfully to "C:\Documents and Settings\Brandon McGahee\Desktop\aswMBR.txt "


Here is the dds.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_29
Run by Brandon McGahee at 13:55:05 on 2012-04-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1193 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\NetWaiting\NetWaiting.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Belkin\F5D8051v2\chkdev.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.msn.com/
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111224063224.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\NetWaiting.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe "
mRun: [eTrustPPAP] "c:\program files\ca\etrust internet security suite\etrust pestpatrol anti-spyware\PPActiveDetection.exe "
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe "
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8051v2\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158294370062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{1CB4701E-7992-43BE-B3E3-AA95F43D6B7F} : DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brandon mcgahee\application data\mozilla\firefox\profiles\6akbzgc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-2 64160]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-8 464176]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-19 89792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1036104]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-19 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-19 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-19 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-19 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-19 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-19 150856]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-19 57600]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-8 180816]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-19 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-19 83856]
S2 avgascln;RushTopDevice;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 mcpromgr;NICSer_WPC54G;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 pavprsrv;HssTrayService;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 savrtpel;Db2remotecmd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
S2 starwindservice;Msftpsvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 ZDCNDIS5;VIAPFD;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-8 59456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-19 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-19 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-8 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-8 40552]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-2-27 30576]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
.
=============== Created Last 30 ================
.
2012-04-01 05:15:40 57176 ----a-w- c:\windows\RGI580.tmp
2012-03-28 03:10:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-28 00:02:55 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b20582e6-df5e-470e-8850-b1f47903bb60}\mpengine.dll
2012-03-18 02:12:51 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 02:12:51 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-01 14:09:03 4784 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-01 05:24:30 0 ----a-w- c:\windows\system32\dsNcAdpt.dll
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 20:30:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 13:55:57.04 ===============

 

Here is the attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/15/2006 6:00:14 PM
System Uptime: 4/1/2012 10:03:02 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0XD720
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1830/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 67 GiB total, 33.025 GiB free.
D: is FIXED (NTFS) - 22 GiB total, 21.462 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP130: 1/26/2012 7:38:16 AM - System Checkpoint
RP131: 1/27/2012 8:18:31 AM - Software Distribution Service 3.0
RP132: 1/28/2012 8:27:54 AM - System Checkpoint
RP133: 1/29/2012 10:15:50 PM - System Checkpoint
RP134: 1/31/2012 10:53:42 AM - Software Distribution Service 3.0
RP135: 2/3/2012 5:56:11 PM - System Checkpoint
RP136: 2/3/2012 6:00:08 PM - Software Distribution Service 3.0
RP137: 2/5/2012 12:49:18 AM - System Checkpoint
RP138: 2/6/2012 1:39:05 AM - System Checkpoint
RP139: 2/7/2012 3:34:02 AM - Software Distribution Service 3.0
RP140: 2/7/2012 10:51:58 PM - Software Distribution Service 3.0
RP141: 2/9/2012 8:25:47 PM - System Checkpoint
RP142: 2/10/2012 4:50:44 PM - Software Distribution Service 3.0
RP143: 2/11/2012 9:26:31 PM - System Checkpoint
RP144: 2/12/2012 9:39:38 PM - System Checkpoint
RP145: 2/14/2012 6:59:43 PM - System Checkpoint
RP146: 2/14/2012 11:24:19 PM - Software Distribution Service 3.0
RP147: 2/15/2012 3:00:20 AM - Software Distribution Service 3.0
RP148: 2/15/2012 9:19:24 PM - Software Distribution Service 3.0
RP149: 2/16/2012 9:36:46 PM - System Checkpoint
RP150: 2/17/2012 7:30:11 PM - Software Distribution Service 3.0
RP151: 2/19/2012 12:39:22 AM - System Checkpoint
RP152: 2/21/2012 4:42:21 AM - System Checkpoint
RP153: 2/21/2012 5:18:20 AM - Software Distribution Service 3.0
RP154: 2/22/2012 5:33:50 AM - System Checkpoint
RP155: 2/23/2012 7:23:35 AM - System Checkpoint
RP156: 2/24/2012 7:53:55 AM - System Checkpoint
RP157: 2/24/2012 6:03:21 PM - Software Distribution Service 3.0
RP158: 2/26/2012 11:30:18 AM - System Checkpoint
RP159: 2/27/2012 10:04:05 PM - System Checkpoint
RP160: 2/28/2012 1:03:56 PM - Software Distribution Service 3.0
RP161: 2/29/2012 6:49:45 PM - System Checkpoint
RP162: 3/1/2012 11:33:34 PM - System Checkpoint
RP163: 3/2/2012 12:56:35 AM - Software Distribution Service 3.0
RP164: 3/3/2012 1:50:11 AM - System Checkpoint
RP165: 3/4/2012 5:12:22 AM - System Checkpoint
RP166: 3/5/2012 5:56:10 PM - System Checkpoint
RP167: 3/6/2012 6:20:21 PM - System Checkpoint
RP168: 3/6/2012 11:02:06 PM - Software Distribution Service 3.0
RP169: 3/8/2012 12:50:32 AM - System Checkpoint
RP170: 3/9/2012 1:45:50 AM - System Checkpoint
RP171: 3/9/2012 6:00:39 PM - Software Distribution Service 3.0
RP172: 3/10/2012 7:05:07 PM - System Checkpoint
RP173: 3/11/2012 8:39:59 PM - System Checkpoint
RP174: 3/13/2012 1:14:28 AM - System Checkpoint
RP175: 3/13/2012 9:17:27 PM - Software Distribution Service 3.0
RP176: 3/13/2012 9:25:32 PM - Software Distribution Service 3.0
RP177: 3/14/2012 10:32:01 PM - System Checkpoint
RP178: 3/16/2012 4:41:16 PM - Software Distribution Service 3.0
RP179: 3/17/2012 11:55:37 PM - System Checkpoint
RP180: 3/19/2012 5:55:07 PM - System Checkpoint
RP181: 3/20/2012 5:28:44 PM - Software Distribution Service 3.0
RP182: 3/21/2012 6:32:53 PM - System Checkpoint
RP183: 3/22/2012 11:17:41 PM - Software Distribution Service 3.0
RP184: 3/23/2012 10:17:37 PM - Software Distribution Service 3.0
RP185: 3/25/2012 9:39:46 AM - System Checkpoint
RP186: 3/26/2012 7:24:40 PM - System Checkpoint
RP187: 3/27/2012 7:27:46 PM - System Checkpoint
RP188: 3/27/2012 8:02:50 PM - Software Distribution Service 3.0
RP189: 3/28/2012 9:30:36 PM - System Checkpoint
RP190: 3/30/2012 5:51:31 PM - System Checkpoint
RP191: 4/1/2012 3:46:27 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 4.57
725plc32
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
AOLIcon
ATI Catalyst Control Center
ATI Display Driver
Belkin N1 Wireless USB Network Adapter Setup
Broadcom Management Programs
CCleaner (remove only)
CleanUp!
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell Color Printer 725
Dell Digital Jukebox Driver
Dell Game Console
Dell Media Experience
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
Games, Music, & Photos Launcher
Get High Speed Internet!
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
Internet Explorer (Enable DEP)
Internet Service Offers Launcher
iS3 STOPzilla Toolbar
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
K-Lite Codec Pack 3.9.5 (Full)
Learn2 Player (Uninstall Only)
Logitech Legacy USB Camera Driver Package
Logitech Updater
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SecurityCenter
mCore
MCU
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office Project MUI (English) 2010 (Beta)
Microsoft Office Project Professional 2010 (Beta)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Send-a-Smile
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007 Trial
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Project Professional 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (English) 14 (Beta)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIWA
mLogView
mMHouse
Mobile Broadband Generic Drivers
Modem Helper
Mozilla Firefox 11.0 (x86 en-GB)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
mSSO
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mWMI
mZConfig
NetWaiting
Network Recording Player
NetZeroInstallers
NTI Shadow
Opera 11.61
PowerDVD 5.7
QuickSet
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Search Assist
Secunia PSI (2.0.0.3003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 5.5
Snagit 10
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TestDrive Client
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VZAccess Manager
WebEx
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinZip 14.5
WordPerfect Office 12
WOT for Internet Explorer
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/1/2012 7:39:48 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
4/1/2012 7:39:48 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
4/1/2012 10:05:30 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
4/1/2012 10:05:15 AM, error: System Error [1003] - Error code 100000d1, parameter1 007000c9, parameter2 00000005, parameter3 00000000, parameter4 b9f36d23.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Zpcollector service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The XTrapD12 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Wuser32 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Wmp54gsvc service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The WinHttpAutoProxySvc service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Wg3n service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Websensewfreportserver service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Vwkernel service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Vvoice service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Vulfntrs service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The VIAPFD service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Veteboot service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Vc5secs service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The V2imount service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Uscbs108 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Usbsermpt service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Trcboot service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Tmesbs32 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Telnet service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Symsecureport service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Susbser service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Sus2pl service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Stylexpservice service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Ssidrv service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Sscdmdm service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The SrvcTPIOMngr service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Sp_clamsrv service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Snpstd2 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Snapman service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Sfilter service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Se58obex service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Se44mgmt service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Schscnt service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The S217bus service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The S116mgmt service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The RushTopDevice service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Roxupnpserver service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Roxupnprenderer service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The RMSvc service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Rdpdd service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Rampartsvc service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Qhwscsvc service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Purgeieservice service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The PTDCVsp service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Protectionservice service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Pimsgss service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Phc600 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The PEVSystemStart service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Pdlnacom service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Pcradminserver service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The PAR1284 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Nvmd service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The NICSer_WPC54G service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Netrcacm service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Netdevio service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The MTDVC2_ENUM service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Msftpsvc service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Midisyn service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The M2500 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Lxda_device service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Lirsgt service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Lilsgt service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The L1e service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Inetaccs service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Imagedrv service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Iaimfp3 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The HssTrayService service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Houdinilicenseserver service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Hibernation service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The HFACSVC service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Googledesktopmanager service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Ftpds service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Freepops service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Euq_monitor service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Enum1394 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The E1000 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The DS1410D service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Dmisrv service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The DMICall service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Dm1service service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Dlbx_device service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Digictrl service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Defrag32 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Dcsloader service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Db2remotecmd service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The CTMFLT service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The CTEDSPFX.DLL service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Coste service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Commserver service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Cis1284 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Cdr4_xp service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Cap7134 service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Caisafe service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The BrScnUsb service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The BLKWGU(Belkin) service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Bhmonitorservice service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The BCMWLNPF service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The AVerBDA service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Avcgbdr service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Atmuni service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The ATIVTUTW service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The AsusACPI service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Askernel service terminated with the following error: The specified module could not be found.
4/1/2012 10:03:57 AM, error: Service Control Manager [7023] - The Acnusvc service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================

 

And here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Brandon McGahee :: BRANDON [administrator]

4/1/2012 6:51:44 AM
mbam-log-2012-04-01 (06-51-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227330
Time elapsed: 13 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Here is the TDSSKiller log (part 1 of 2):

16:24:25.0593 4132 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
16:24:26.0578 4132 ============================================================
16:24:26.0578 4132 Current date / time: 2012/04/01 16:24:26.0578
16:24:26.0578 4132 SystemInfo:
16:24:26.0578 4132
16:24:26.0578 4132 OS Version: 5.1.2600 ServicePack: 3.0
16:24:26.0578 4132 Product type: Workstation
16:24:26.0578 4132 ComputerName: BRANDON
16:24:26.0578 4132 UserName: Brandon McGahee
16:24:26.0578 4132 Windows directory: C:\WINDOWS
16:24:26.0578 4132 System windows directory: C:\WINDOWS
16:24:26.0578 4132 Processor architecture: Intel x86
16:24:26.0578 4132 Number of processors: 2
16:24:26.0578 4132 Page size: 0x1000
16:24:26.0578 4132 Boot type: Normal boot
16:24:26.0578 4132 ============================================================
16:24:29.0218 4132 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:24:29.0218 4132 \Device\Harddisk0\DR0:
16:24:29.0218 4132 MBR used
16:24:29.0218 4132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x855E0C1
16:24:29.0218 4132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8579808, BlocksNum 0x2B0D27A
16:24:29.0296 4132 Initialize success
16:24:29.0296 4132 ============================================================
16:24:45.0453 4704 ============================================================
16:24:45.0453 4704 Scan started
16:24:45.0453 4704 Mode: Manual;
16:24:45.0453 4704 ============================================================
16:24:46.0109 4704 A4S2600 - ok
16:24:46.0125 4704 aaksrv - ok
16:24:46.0156 4704 Abiosdsk - ok
16:24:46.0203 4704 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:24:46.0203 4704 abp480n5 - ok
16:24:46.0250 4704 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:24:46.0250 4704 ACPI - ok
16:24:46.0265 4704 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:24:46.0265 4704 ACPIEC - ok
16:24:46.0281 4704 acrotray - ok
16:24:46.0312 4704 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:24:46.0312 4704 adpu160m - ok
16:24:46.0343 4704 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:24:46.0343 4704 aec - ok
16:24:46.0421 4704 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:24:46.0421 4704 AegisP - ok
16:24:46.0453 4704 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:24:46.0453 4704 AFD - ok
16:24:46.0500 4704 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:24:46.0500 4704 agp440 - ok
16:24:46.0515 4704 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:24:46.0515 4704 agpCPQ - ok
16:24:46.0562 4704 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:24:46.0562 4704 Aha154x - ok
16:24:46.0640 4704 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:24:46.0640 4704 aic78u2 - ok
16:24:46.0671 4704 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:24:46.0671 4704 aic78xx - ok
16:24:46.0687 4704 aksusb - ok
16:24:46.0734 4704 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:24:46.0750 4704 Alerter - ok
16:24:46.0781 4704 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:24:46.0781 4704 ALG - ok
16:24:46.0859 4704 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:24:46.0859 4704 AliIde - ok
16:24:46.0937 4704 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:24:46.0937 4704 alim1541 - ok
16:24:46.0953 4704 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:24:46.0968 4704 amdagp - ok
16:24:47.0000 4704 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:24:47.0000 4704 amsint - ok
16:24:47.0046 4704 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
16:24:47.0046 4704 APPDRV - ok
16:24:47.0046 4704 AppMgmt - ok
16:24:47.0093 4704 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:24:47.0093 4704 Arp1394 - ok
16:24:47.0140 4704 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:24:47.0140 4704 asc - ok
16:24:47.0156 4704 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:24:47.0156 4704 asc3350p - ok
16:24:47.0203 4704 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:24:47.0203 4704 asc3550 - ok
16:24:47.0281 4704 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:24:47.0390 4704 aspnet_state - ok
16:24:47.0515 4704 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:24:47.0515 4704 AsyncMac - ok
16:24:47.0546 4704 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:24:47.0546 4704 atapi - ok
16:24:47.0562 4704 Atdisk - ok
16:24:47.0625 4704 Ati HotKey Poller (954c1d5b84d1cf925999a4c27e2ab34d) C:\WINDOWS\system32\Ati2evxx.exe
16:24:47.0625 4704 Ati HotKey Poller - ok
16:24:47.0750 4704 ati2mtag (bebeb471617782d138b6f92e7c3fab1c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:24:47.0765 4704 ati2mtag - ok
16:24:47.0765 4704 ATIBTCAP - ok
16:24:47.0812 4704 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:24:47.0812 4704 Atmarpc - ok
16:24:47.0906 4704 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:24:47.0906 4704 AudioSrv - ok
16:24:47.0968 4704 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:24:47.0968 4704 audstub - ok
16:24:47.0984 4704 avgascln - ok
16:24:47.0984 4704 AVRec - ok
16:24:48.0000 4704 backupexecnotificationserver - ok
16:24:48.0031 4704 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
16:24:48.0031 4704 bcm4sbxp - ok
16:24:48.0046 4704 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:24:48.0046 4704 Beep - ok
16:24:48.0062 4704 belgium_id_card_service - ok
16:24:48.0093 4704 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:24:48.0109 4704 BITS - ok
16:24:48.0125 4704 bocdrive - ok
16:24:48.0156 4704 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:24:48.0156 4704 Browser - ok
16:24:48.0203 4704 bt3cser - ok
16:24:48.0281 4704 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys
16:24:48.0296 4704 btaudio - ok
16:24:48.0328 4704 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys
16:24:48.0328 4704 BTDriver - ok
16:24:48.0375 4704 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:24:48.0390 4704 BTKRNL - ok
16:24:48.0515 4704 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys
16:24:48.0515 4704 BTSERIAL - ok
16:24:48.0593 4704 btwdins (3a462eba453d84d036046772104cfbcb) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
16:24:48.0718 4704 btwdins - ok
16:24:48.0828 4704 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:24:48.0828 4704 BTWDNDIS - ok
16:24:48.0890 4704 btwhid (c5c0e21c67089f053b964e0a8b8adbac) C:\WINDOWS\system32\DRIVERS\btwhid.sys
16:24:48.0890 4704 btwhid - ok
16:24:48.0906 4704 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
16:24:48.0906 4704 btwmodem - ok
16:24:48.0921 4704 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys
16:24:48.0921 4704 BTWUSB - ok
16:24:48.0937 4704 BUFADPT - ok
16:24:48.0953 4704 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:24:48.0953 4704 cbidf - ok
16:24:48.0968 4704 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:24:48.0968 4704 cbidf2k - ok
16:24:49.0000 4704 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:24:49.0015 4704 CCDECODE - ok
16:24:49.0062 4704 ccflic0 - ok
16:24:49.0109 4704 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:24:49.0109 4704 cd20xrnt - ok
16:24:49.0125 4704 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:24:49.0125 4704 Cdaudio - ok
16:24:49.0156 4704 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:24:49.0156 4704 Cdfs - ok
16:24:49.0187 4704 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:24:49.0187 4704 Cdrom - ok
16:24:49.0203 4704 cfgwzsvc - ok
16:24:49.0218 4704 cfsvcs - ok
16:24:49.0265 4704 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys
16:24:49.0265 4704 cfwids - ok
16:24:49.0328 4704 Changer - ok
16:24:49.0343 4704 cidaemon - ok
16:24:49.0375 4704 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:24:49.0390 4704 CiSvc - ok
16:24:49.0406 4704 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:24:49.0406 4704 ClipSrv - ok
16:24:49.0484 4704 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:24:49.0578 4704 clr_optimization_v2.0.50727_32 - ok
16:24:49.0687 4704 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:24:49.0687 4704 CmBatt - ok
16:24:49.0734 4704 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:24:49.0734 4704 CmdIde - ok
16:24:49.0781 4704 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:24:49.0781 4704 Compbatt - ok
16:24:49.0796 4704 COMSysApp - ok
16:24:49.0828 4704 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:24:49.0828 4704 Cpqarray - ok
16:24:49.0859 4704 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:24:49.0859 4704 CryptSvc - ok
16:24:49.0953 4704 ctusfsyn - ok
16:24:50.0078 4704 cwafreportscheduler - ok
16:24:50.0156 4704 cxusb - ok
16:24:50.0203 4704 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:24:50.0203 4704 dac2w2k - ok
16:24:50.0234 4704 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:24:50.0234 4704 dac960nt - ok
16:24:50.0296 4704 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:24:50.0312 4704 DcomLaunch - ok
16:24:50.0343 4704 defragfs - ok
16:24:50.0406 4704 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:24:50.0421 4704 Dhcp - ok
16:24:50.0453 4704 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:24:50.0468 4704 Disk - ok
16:24:50.0468 4704 dlcf_device - ok
16:24:50.0484 4704 DM9102 - ok
16:24:50.0500 4704 dmadmin - ok
16:24:50.0546 4704 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:24:50.0546 4704 dmboot - ok
16:24:50.0656 4704 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:24:50.0656 4704 dmio - ok
16:24:50.0671 4704 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:24:50.0671 4704 dmload - ok
16:24:50.0718 4704 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:24:50.0718 4704 dmserver - ok
16:24:50.0750 4704 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:24:50.0750 4704 DMusic - ok
16:24:50.0781 4704 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:24:50.0843 4704 Dnscache - ok
16:24:50.0921 4704 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:24:50.0921 4704 Dot3svc - ok
16:24:50.0953 4704 dot4usb - ok
16:24:50.0984 4704 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:24:50.0984 4704 dpti2o - ok
16:24:51.0000 4704 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:24:51.0000 4704 drmkaud - ok
16:24:51.0046 4704 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
16:24:51.0046 4704 drvmcdb - ok
16:24:51.0078 4704 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
16:24:51.0078 4704 drvnddm - ok
16:24:51.0171 4704 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
16:24:51.0296 4704 DSBrokerService - ok
16:24:51.0359 4704 DSI_SiUSBXp_3_1 - ok
16:24:51.0437 4704 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
16:24:51.0515 4704 DSproct - ok
16:24:51.0578 4704 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
16:24:51.0578 4704 dsunidrv - ok
16:24:51.0593 4704 DSXUSB - ok
16:24:51.0609 4704 dvd-ram_service - ok
16:24:51.0640 4704 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:24:51.0640 4704 E100B - ok
16:24:51.0718 4704 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:24:51.0718 4704 EapHost - ok
16:24:51.0796 4704 eelogsvc - ok
16:24:51.0796 4704 eelsservice - ok
16:24:51.0812 4704 elagopro - ok
16:24:51.0828 4704 elnkservice - ok
16:24:51.0843 4704 elockservice - ok
16:24:51.0859 4704 entertainment - ok
16:24:51.0875 4704 epfw - ok
16:24:51.0890 4704 epstnt01 - ok
16:24:51.0937 4704 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:24:51.0937 4704 ERSvc - ok
16:24:51.0968 4704 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:24:51.0984 4704 Eventlog - ok
16:24:52.0015 4704 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:24:52.0031 4704 EventSystem - ok
16:24:52.0109 4704 EvtEng (f10e7aa8bdf4488e3dfa989b8e7f7c9f) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
16:24:52.0234 4704 EvtEng - ok
16:24:52.0296 4704 F700imd - ok
16:24:52.0359 4704 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:24:52.0359 4704 Fastfat - ok
16:24:52.0390 4704 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:24:52.0468 4704 FastUserSwitchingCompatibility - ok
16:24:52.0500 4704 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
16:24:52.0515 4704 Fax - ok
16:24:52.0593 4704 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:24:52.0593 4704 Fdc - ok
16:24:52.0640 4704 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
16:24:52.0640 4704 FilterService - ok
16:24:52.0671 4704 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:24:52.0671 4704 Fips - ok
16:24:52.0718 4704 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:24:52.0718 4704 Flpydisk - ok
16:24:52.0765 4704 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:24:52.0765 4704 FltMgr - ok
16:24:52.0859 4704 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:24:52.0859 4704 FontCache3.0.0.0 - ok
16:24:52.0968 4704 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:24:52.0968 4704 Fs_Rec - ok
16:24:53.0000 4704 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:24:53.0000 4704 Ftdisk - ok
16:24:53.0000 4704 ftrtsvc - ok
16:24:53.0015 4704 g400 - ok
16:24:53.0031 4704 GearAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\drivers\GearAspiWDM.sys
16:24:53.0031 4704 GearAspiWDM - ok
16:24:53.0062 4704 GEARSecurity (b6e01969246fcb67470e87e6957ee147) C:\WINDOWS\System32\GEARSec.exe
16:24:53.0156 4704 GEARSecurity - ok
16:24:53.0203 4704 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:24:53.0203 4704 Gpc - ok
16:24:53.0296 4704 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:24:53.0296 4704 HDAudBus - ok
16:24:53.0375 4704 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:24:53.0375 4704 helpsvc - ok
16:24:53.0406 4704 hidgame - ok
16:24:53.0421 4704 HidServ - ok
16:24:53.0453 4704 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:24:53.0468 4704 hkmsvc - ok
16:24:53.0500 4704 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:24:53.0500 4704 hpn - ok
16:24:53.0609 4704 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
16:24:53.0609 4704 HSFHWAZL - ok
16:24:53.0656 4704 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:24:53.0656 4704 HSF_DPV - ok
16:24:53.0734 4704 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:24:53.0734 4704 HTTP - ok
16:24:53.0812 4704 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:24:53.0812 4704 HTTPFilter - ok
16:24:53.0859 4704 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:24:53.0859 4704 i2omgmt - ok
16:24:53.0906 4704 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:24:53.0906 4704 i2omp - ok
16:24:53.0953 4704 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:24:53.0953 4704 i8042prt - ok
16:24:53.0968 4704 ICM10USB - ok
16:24:54.0078 4704 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:24:54.0203 4704 idsvc - ok
16:24:54.0328 4704 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:24:54.0328 4704 Imapi - ok
16:24:54.0359 4704 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:24:54.0375 4704 ImapiService - ok
16:24:54.0406 4704 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:24:54.0406 4704 ini910u - ok
16:24:54.0437 4704 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:24:54.0437 4704 IntelIde - ok
16:24:54.0468 4704 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:24:54.0468 4704 intelppm - ok
16:24:54.0546 4704 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:24:54.0546 4704 Ip6Fw - ok
16:24:54.0578 4704 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:24:54.0578 4704 IpFilterDriver - ok
16:24:54.0593 4704 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:24:54.0593 4704 IpInIp - ok
16:24:54.0625 4704 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:24:54.0625 4704 IpNat - ok
16:24:54.0656 4704 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:24:54.0656 4704 IPSec - ok
16:24:54.0671 4704 ipsecmon - ok
16:24:54.0718 4704 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:24:54.0718 4704 IRENUM - ok
16:24:54.0859 4704 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:24:54.0859 4704 isapnp - ok
16:24:54.0953 4704 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
16:24:55.0093 4704 JavaQuickStarterService - ok
16:24:55.0187 4704 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:24:55.0187 4704 Kbdclass - ok
16:24:55.0250 4704 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:24:55.0250 4704 kbdhid - ok
16:24:55.0296 4704 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:24:55.0296 4704 kmixer - ok
16:24:55.0328 4704 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:24:55.0328 4704 KSecDD - ok
16:24:55.0359 4704 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:24:55.0437 4704 lanmanserver - ok
16:24:55.0515 4704 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:24:55.0531 4704 lanmanworkstation - ok
16:24:55.0625 4704 Lavasoft Ad-Aware Service (193146149076b331c008c1c0af6fa5b9) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
16:24:55.0828 4704 Lavasoft Ad-Aware Service - ok
16:24:55.0937 4704 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
16:24:55.0937 4704 Lbd - ok
16:24:55.0937 4704 lbrtfdc - ok
16:24:55.0984 4704 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:24:55.0984 4704 LmHosts - ok
16:24:56.0031 4704 lvpopflt (6d994fa3d541b63eaccf4f2b3f42b2e1) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
16:24:56.0031 4704 lvpopflt - ok
16:24:56.0062 4704 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
16:24:56.0062 4704 LVPr2Mon - ok
16:24:56.0125 4704 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
16:24:56.0234 4704 LVPrcSrv - ok
16:24:56.0359 4704 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
16:24:56.0359 4704 LVRS - ok
16:24:56.0406 4704 lvselsus (6e59bc28a41f8a2b702d345a5604652f) C:\WINDOWS\system32\DRIVERS\lvselsus.sys
16:24:56.0406 4704 lvselsus - ok
16:24:56.0437 4704 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
16:24:56.0437 4704 LVUSBSta - ok
16:24:56.0515 4704 LVUVC (bfbbf371b4f87c202124728b6160fa8b) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
16:24:56.0687 4704 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\lvuvc.sys. Real md5: bfbbf371b4f87c202124728b6160fa8b, Fake md5: a240e42a7402e927a71b6e8aa4629b13
16:24:56.0718 4704 LVUVC ( ForgedFile.Multi.Generic ) - warning
16:24:56.0718 4704 LVUVC - detected ForgedFile.Multi.Generic (1)
16:24:56.0796 4704 lxcf_device - ok
16:24:56.0812 4704 MaRdPnp - ok
16:24:56.0906 4704 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
16:24:57.0046 4704 McMPFSvc - ok
16:24:57.0062 4704 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:24:57.0062 4704 mcmscsvc - ok
16:24:57.0062 4704 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:24:57.0062 4704 McNaiAnn - ok
16:24:57.0078 4704 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:24:57.0078 4704 McNASvc - ok
16:24:57.0187 4704 McODS (1d97a89e4c1917d7c7ac3a27a45ef87e) C:\Program Files\McAfee\VirusScan\mcods.exe
16:24:57.0296 4704 McODS - ok
16:24:57.0359 4704 mcpromgr - ok
16:24:57.0453 4704 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:24:57.0453 4704 McProxy - ok
16:24:57.0500 4704 McShield (16767b4cb7ae8f388e091717db34ff6c) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
16:24:57.0515 4704 McShield - ok
16:24:57.0546 4704 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
16:24:57.0578 4704 MDM - ok
16:24:57.0671 4704 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:24:57.0687 4704 mdmxsdk - ok
16:24:57.0718 4704 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:24:57.0734 4704 Messenger - ok
16:24:57.0781 4704 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys
16:24:57.0781 4704 mfeapfk - ok
16:24:57.0828 4704 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
16:24:57.0828 4704 mfeavfk - ok
16:24:57.0843 4704 mfeavfk01 - ok
16:24:57.0875 4704 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
16:24:57.0875 4704 mfebopk - ok
16:24:57.0937 4704 mfefire (3f17534b8867854113df2b45fff3acf5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:24:57.0953 4704 mfefire - ok
16:24:58.0078 4704 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys
16:24:58.0078 4704 mfefirek - ok
16:24:58.0140 4704 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
16:24:58.0140 4704 mfehidk - ok
16:24:58.0171 4704 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
16:24:58.0171 4704 mfendisk - ok
16:24:58.0171 4704 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
16:24:58.0171 4704 mfendiskmp - ok
16:24:58.0234 4704 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys
16:24:58.0234 4704 mferkdet - ok
16:24:58.0328 4704 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
16:24:58.0328 4704 mferkdk - ok
16:24:58.0390 4704 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
16:24:58.0390 4704 mfesmfk - ok
16:24:58.0453 4704 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys
16:24:58.0453 4704 mfetdi2k - ok
16:24:58.0515 4704 mfevtp (ad52269897626d614b31e153f5c5d65c) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
16:24:58.0640 4704 mfevtp - ok
16:24:58.0703 4704 midisyn - ok
16:24:58.0750 4704 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:24:58.0750 4704 mnmdd - ok
16:24:58.0796 4704 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:24:58.0812 4704 mnmsrvc - ok
16:24:58.0859 4704 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:24:58.0859 4704 Modem - ok
16:24:58.0890 4704 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:24:58.0890 4704 Mouclass - ok
16:24:58.0937 4704 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:24:58.0937 4704 mouhid - ok
16:24:58.0953 4704 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:24:58.0953 4704 MountMgr - ok
16:24:59.0062 4704 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:24:59.0062 4704 mraid35x - ok
16:24:59.0109 4704 MRVW245 (be92f1eefdb3d9d231f3496b3cf007cc) C:\WINDOWS\system32\DRIVERS\MRVW245.sys
16:24:59.0109 4704 MRVW245 - ok
16:24:59.0156 4704 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:24:59.0171 4704 MRxDAV - ok
16:24:59.0218 4704 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:24:59.0218 4704 MRxSmb - ok
16:24:59.0296 4704 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
16:24:59.0406 4704 MSCamSvc - ok
16:24:59.0500 4704 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:24:59.0515 4704 MSDTC - ok
16:24:59.0546 4704 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:24:59.0562 4704 Msfs - ok
16:24:59.0562 4704 msftesql - ok
16:24:59.0593 4704 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
16:24:59.0609 4704 MSHUSBVideo - ok
16:24:59.0609 4704 MSIServer - ok
16:24:59.0703 4704 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
16:24:59.0703 4704 MSK80Service - ok
16:24:59.0859 4704 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:24:59.0859 4704 MSKSSRV - ok
16:24:59.0859 4704 msmpsvc - ok
16:24:59.0890 4704 MSMQTriggers - ok
16:24:59.0921 4704 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:24:59.0921 4704 MSPCLOCK - ok
16:24:59.0937 4704 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:24:59.0937 4704 MSPQM - ok
16:24:59.0968 4704 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:24:59.0968 4704 mssmbios - ok
16:25:00.0000 4704 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:25:00.0000 4704 MSTEE - ok
16:25:00.0093 4704 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:25:00.0093 4704 Mup - ok
16:25:00.0140 4704 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:25:00.0140 4704 NABTSFEC - ok
16:25:00.0187 4704 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:25:00.0203 4704 napagent - ok
16:25:00.0218 4704 nchssvad - ok
16:25:00.0265 4704 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:25:00.0265 4704 NDIS - ok
16:25:00.0296 4704 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
16:25:00.0296 4704 ndiscm - ok
16:25:00.0406 4704 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:25:00.0421 4704 NdisIP - ok
16:25:00.0453 4704 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:25:00.0453 4704 NdisTapi - ok
16:25:00.0468 4704 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:25:00.0468 4704 Ndisuio - ok
16:25:00.0500 4704 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:25:00.0500 4704 NdisWan - ok
16:25:00.0531 4704 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:25:00.0531 4704 NDProxy - ok
16:25:00.0562 4704 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
16:25:00.0640 4704 Net Driver HPZ12 - ok
16:25:00.0718 4704 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:25:00.0718 4704 NetBIOS - ok
16:25:00.0921 4704 NetBT (bcc1771007a79d0c3b7f59ab1416583a) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:25:00.0921 4704 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: bcc1771007a79d0c3b7f59ab1416583a, Fake md5: a2bae6332e5cfc629a62208ece4390b0
16:25:00.0921 4704 NetBT ( Virus.Win32.ZAccess.k ) - infected
16:25:00.0921 4704 NetBT - detected Virus.Win32.ZAccess.k (0)
16:25:00.0968 4704 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:25:00.0968 4704 NetDDE - ok
16:25:00.0984 4704 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:25:00.0984 4704 NetDDEdsdm - ok
16:25:01.0000 4704 NETGEAR_MA111 - ok
16:25:01.0015 4704 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:25:01.0031 4704 Netlogon - ok
16:25:01.0062 4704 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:25:01.0062 4704 Netman - ok
16:25:01.0125 4704 netsvc - ok
16:25:01.0218 4704 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:25:01.0234 4704 NetTcpPortSharing - ok
16:25:01.0328 4704 NETw3x32 (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
16:25:01.0343 4704 NETw3x32 - ok
16:25:01.0468 4704 NETw4x32 (537182d8dd55132645be08e89dce25b4) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
16:25:01.0484 4704 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\NETw4x32.sys. Real md5: 537182d8dd55132645be08e89dce25b4, Fake md5: 88100ebdd10309fbd445ef8e42452eae
16:25:01.0484 4704 NETw4x32 ( ForgedFile.Multi.Generic ) - warning
16:25:01.0484 4704 NETw4x32 - detected ForgedFile.Multi.Generic (1)
16:25:01.0515 4704 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:25:01.0515 4704 NIC1394 - ok
16:25:01.0593 4704 NICCONFIGSVC (11d8a00c7eff1aaec8e8464769c84a3d) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
16:25:01.0796 4704 NICCONFIGSVC - ok
16:25:01.0875 4704 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:25:01.0875 4704 Nla - ok
16:25:01.0890 4704 nlsvc - ok
16:25:01.0953 4704 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:25:01.0953 4704 Npfs - ok
16:25:01.0984 4704 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:25:02.0000 4704 Ntfs - ok
16:25:02.0031 4704 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:25:02.0031 4704 NtLmSsp - ok
16:25:02.0093 4704 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:25:02.0109 4704 NtmsSvc - ok
16:25:02.0171 4704 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:25:02.0187 4704 Null - ok
16:25:02.0312 4704 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:25:02.0328 4704 nv - ok
16:25:02.0375 4704 nvidesm - ok
16:25:02.0406 4704 nvmpu401 - ok
16:25:02.0406 4704 nvnetbus - ok
16:25:02.0437 4704 nvpvrmon - ok
16:25:02.0453 4704 nvstor32 - ok
16:25:02.0500 4704 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
16:25:02.0500 4704 NWADI - ok
16:25:02.0515 4704 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:25:02.0515 4704 NwlnkFlt - ok
16:25:02.0546 4704 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:25:02.0546 4704 NwlnkFwd - ok
16:25:02.0562 4704 NWUSBCDFIL (1fde5b2d61d97d803594df4b3bc28c4b) C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
16:25:02.0562 4704 NWUSBCDFIL - ok
16:25:02.0609 4704 NWUSBModem (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
16:25:02.0609 4704 NWUSBModem - ok
16:25:02.0734 4704 NWUSBPort (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
16:25:02.0734 4704 NWUSBPort - ok
16:25:02.0781 4704 NWUSBPort2 (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
16:25:02.0781 4704 NWUSBPort2 - ok

 

Here is the TDSSKiller log (part 2 of 2):

16:25:02.0906 4704 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:25:03.0031 4704 odserv - ok
16:25:03.0140 4704 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:25:03.0140 4704 ohci1394 - ok
16:25:03.0171 4704 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
16:25:03.0171 4704 omci - ok
16:25:03.0187 4704 omniserv - ok
16:25:03.0203 4704 oracleformsserver-forms60server-oraform - ok
16:25:03.0203 4704 oracleorahome811cman - ok
16:25:03.0265 4704 ose (067db5b067722997fcafe1858163d411) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:25:03.0375 4704 ose - ok
16:25:03.0453 4704 osppsvc (8604c1217de917c640e894007b21b003) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:25:03.0765 4704 Suspicious file (Forged): C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE. Real md5: 8604c1217de917c640e894007b21b003, Fake md5: 928c8060a555f0622cc4cac672b08573
16:25:03.0781 4704 osppsvc ( ForgedFile.Multi.Generic ) - warning
16:25:03.0781 4704 osppsvc - detected ForgedFile.Multi.Generic (1)
16:25:03.0890 4704 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:25:03.0890 4704 Parport - ok
16:25:03.0921 4704 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:25:03.0921 4704 PartMgr - ok
16:25:03.0953 4704 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:25:03.0953 4704 ParVdm - ok
16:25:03.0968 4704 pavprsrv - ok
16:25:04.0000 4704 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:25:04.0000 4704 PCI - ok
16:25:04.0015 4704 PCIDump - ok
16:25:04.0031 4704 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:25:04.0031 4704 PCIIde - ok
16:25:04.0062 4704 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:25:04.0062 4704 Pcmcia - ok
16:25:04.0093 4704 pcnet - ok
16:25:04.0109 4704 PDCOMP - ok
16:25:04.0125 4704 PDFRAME - ok
16:25:04.0140 4704 pdlnatcm - ok
16:25:04.0156 4704 pdlnslea - ok
16:25:04.0171 4704 PDRELI - ok
16:25:04.0171 4704 PDRFRAME - ok
16:25:04.0218 4704 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:25:04.0218 4704 perc2 - ok
16:25:04.0343 4704 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:25:04.0343 4704 perc2hib - ok
16:25:04.0359 4704 PhilCam8116_XP - ok
16:25:04.0390 4704 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:25:04.0390 4704 PlugPlay - ok
16:25:04.0406 4704 pmj151la - ok
16:25:04.0453 4704 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
16:25:04.0515 4704 Pml Driver HPZ12 - ok
16:25:04.0546 4704 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:25:04.0546 4704 PolicyAgent - ok
16:25:04.0546 4704 pptchpad - ok
16:25:04.0578 4704 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:25:04.0578 4704 PptpMiniport - ok
16:25:04.0640 4704 procmon10 - ok
16:25:04.0656 4704 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:25:04.0656 4704 ProtectedStorage - ok
16:25:04.0703 4704 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:25:04.0703 4704 PSched - ok
16:25:04.0750 4704 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
16:25:04.0750 4704 PSI - ok
16:25:04.0765 4704 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:25:04.0781 4704 Ptilink - ok
16:25:04.0828 4704 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:25:04.0828 4704 PxHelp20 - ok
16:25:04.0859 4704 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:25:04.0859 4704 ql1080 - ok
16:25:04.0890 4704 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:25:04.0890 4704 Ql10wnt - ok
16:25:05.0000 4704 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:25:05.0000 4704 ql12160 - ok
16:25:05.0031 4704 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:25:05.0031 4704 ql1240 - ok
16:25:05.0062 4704 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:25:05.0062 4704 ql1280 - ok
16:25:05.0078 4704 qmofiltr - ok
16:25:05.0109 4704 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:25:05.0109 4704 RasAcd - ok
16:25:05.0156 4704 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:25:05.0171 4704 RasAuto - ok
16:25:05.0187 4704 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:25:05.0187 4704 Rasl2tp - ok
16:25:05.0218 4704 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:25:05.0234 4704 RasMan - ok
16:25:05.0343 4704 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:25:05.0343 4704 RasPppoe - ok
16:25:05.0359 4704 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:25:05.0359 4704 Raspti - ok
16:25:05.0375 4704 razerusb - ok
16:25:05.0406 4704 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:25:05.0406 4704 Rdbss - ok
16:25:05.0421 4704 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:25:05.0437 4704 RDPCDD - ok
16:25:05.0468 4704 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:25:05.0468 4704 rdpdr - ok
16:25:05.0515 4704 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:25:05.0531 4704 RDPWD - ok
16:25:05.0593 4704 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:25:05.0609 4704 RDSessMgr - ok
16:25:05.0656 4704 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:25:05.0671 4704 redbook - ok
16:25:05.0671 4704 regmanserv - ok
16:25:05.0765 4704 RegSrvc (7274bd434b6165baa382bdd87f6ca4ce) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
16:25:05.0984 4704 RegSrvc - ok
16:25:06.0062 4704 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:25:06.0062 4704 RemoteAccess - ok
16:25:06.0078 4704 RESMGR - ok
16:25:06.0125 4704 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
16:25:06.0125 4704 rimmptsk - ok
16:25:06.0140 4704 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
16:25:06.0156 4704 rimsptsk - ok
16:25:06.0156 4704 rimusb - ok
16:25:06.0187 4704 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
16:25:06.0187 4704 rismxdp - ok
16:25:06.0203 4704 roxmediadb - ok
16:25:06.0234 4704 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:25:06.0250 4704 RpcLocator - ok
16:25:06.0312 4704 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
16:25:06.0312 4704 RpcSs - ok
16:25:06.0359 4704 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:25:06.0375 4704 RSVP - ok
16:25:06.0390 4704 rtport - ok
16:25:06.0390 4704 s125obex - ok
16:25:06.0500 4704 S24EventMonitor (20f261e78ccf0ea36d4fe2c363a2ef8a) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
16:25:06.0656 4704 S24EventMonitor - ok
16:25:06.0796 4704 s24trans (c26a053e4db47f6cdd8653c83aaf22ee) C:\WINDOWS\system32\DRIVERS\s24trans.sys
16:25:06.0796 4704 s24trans - ok
16:25:06.0843 4704 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:25:06.0843 4704 SamSs - ok
16:25:06.0859 4704 savrtpel - ok
16:25:06.0906 4704 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:25:06.0921 4704 SCardSvr - ok
16:25:06.0953 4704 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:25:06.0968 4704 Schedule - ok
16:25:07.0062 4704 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:25:07.0062 4704 sdbus - ok
16:25:07.0062 4704 SE2Dmgmt - ok
16:25:07.0078 4704 se2Dnd5 - ok
16:25:07.0125 4704 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:25:07.0125 4704 Secdrv - ok
16:25:07.0156 4704 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:25:07.0156 4704 seclogon - ok
16:25:07.0312 4704 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files\Secunia\PSI\PSIA.exe
16:25:07.0484 4704 Secunia PSI Agent - ok
16:25:07.0562 4704 Secunia Update Agent (20b9e1adbc58958b480933e4da005dfb) C:\Program Files\Secunia\PSI\sua.exe
16:25:07.0656 4704 Secunia Update Agent - ok
16:25:07.0734 4704 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:25:07.0734 4704 SENS - ok
16:25:07.0875 4704 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:25:07.0890 4704 serenum - ok
16:25:07.0906 4704 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:25:07.0906 4704 Serial - ok
16:25:07.0937 4704 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
16:25:07.0937 4704 sffdisk - ok
16:25:07.0968 4704 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
16:25:07.0968 4704 sffp_sd - ok
16:25:08.0031 4704 sfhlp01 - ok
16:25:08.0046 4704 sfhlp02 - ok
16:25:08.0078 4704 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:25:08.0078 4704 Sfloppy - ok
16:25:08.0125 4704 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:25:08.0140 4704 SharedAccess - ok
16:25:08.0171 4704 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:25:08.0171 4704 ShellHWDetection - ok
16:25:08.0187 4704 Simbad - ok
16:25:08.0218 4704 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:25:08.0218 4704 sisagp - ok
16:25:08.0250 4704 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:25:08.0250 4704 SLIP - ok
16:25:08.0328 4704 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
16:25:08.0500 4704 SMSIVZAM5 - ok
16:25:08.0609 4704 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:25:08.0625 4704 Sparrow - ok
16:25:08.0656 4704 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:25:08.0656 4704 splitter - ok
16:25:08.0687 4704 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:25:08.0812 4704 Spooler - ok
16:25:08.0875 4704 sprtsvc_dellsupportcenter - ok
16:25:08.0921 4704 SQLAgent$ABBEYIIOFFLINE - ok
16:25:08.0984 4704 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:25:08.0984 4704 sr - ok
16:25:09.0015 4704 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:25:09.0031 4704 srservice - ok
16:25:09.0062 4704 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:25:09.0062 4704 Srv - ok
16:25:09.0078 4704 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
16:25:09.0078 4704 sscdbhk5 - ok
16:25:09.0093 4704 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:25:09.0109 4704 SSDPSRV - ok
16:25:09.0125 4704 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
16:25:09.0125 4704 ssrtln - ok
16:25:09.0140 4704 starwindservice - ok
16:25:09.0218 4704 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
16:25:09.0218 4704 STHDA - ok
16:25:09.0312 4704 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:25:09.0328 4704 stisvc - ok
16:25:09.0390 4704 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:25:09.0390 4704 streamip - ok
16:25:09.0390 4704 STV680m - ok
16:25:09.0421 4704 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:25:09.0421 4704 swenum - ok
16:25:09.0453 4704 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:25:09.0453 4704 swmidi - ok
16:25:09.0468 4704 SwPrv - ok
16:25:09.0468 4704 SWUMX20 - ok
16:25:09.0500 4704 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:25:09.0515 4704 symc810 - ok
16:25:09.0531 4704 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:25:09.0531 4704 symc8xx - ok
16:25:09.0625 4704 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:25:09.0640 4704 sym_hi - ok
16:25:09.0656 4704 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:25:09.0656 4704 sym_u3 - ok
16:25:09.0703 4704 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:25:09.0703 4704 SynTP - ok
16:25:09.0750 4704 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:25:09.0750 4704 sysaudio - ok
16:25:09.0812 4704 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:25:09.0828 4704 SysmonLog - ok
16:25:09.0921 4704 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:25:09.0937 4704 TapiSrv - ok
16:25:10.0000 4704 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:25:10.0000 4704 Tcpip - ok
16:25:10.0031 4704 tcpip6 - ok
16:25:10.0062 4704 tdcmdpst - ok
16:25:10.0125 4704 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:25:10.0125 4704 TDPIPE - ok
16:25:10.0171 4704 tdrpman - ok
16:25:10.0203 4704 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:25:10.0203 4704 TDTCP - ok
16:25:10.0265 4704 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:25:10.0265 4704 TermDD - ok
16:25:10.0312 4704 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:25:10.0328 4704 TermService - ok
16:25:10.0375 4704 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
16:25:10.0500 4704 tfsnboio - ok
16:25:10.0593 4704 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
16:25:10.0671 4704 tfsncofs - ok
16:25:10.0718 4704 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
16:25:10.0812 4704 tfsndrct - ok
16:25:10.0843 4704 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
16:25:10.0937 4704 tfsndres - ok
16:25:11.0031 4704 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
16:25:11.0109 4704 tfsnifs - ok
16:25:11.0140 4704 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
16:25:11.0218 4704 tfsnopio - ok
16:25:11.0250 4704 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
16:25:11.0343 4704 tfsnpool - ok
16:25:11.0500 4704 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
16:25:11.0578 4704 tfsnudf - ok
16:25:11.0593 4704 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
16:25:11.0703 4704 tfsnudfa - ok
16:25:11.0750 4704 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:25:11.0750 4704 Themes - ok
16:25:11.0812 4704 thkeys - ok
16:25:11.0859 4704 TMHIDSRV - ok
16:25:11.0921 4704 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:25:11.0921 4704 TosIde - ok
16:25:11.0937 4704 tosrfcom - ok
16:25:11.0953 4704 tos_sps32 - ok
16:25:12.0000 4704 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:25:12.0015 4704 TrkWks - ok
16:25:12.0031 4704 tunnelguardservice - ok
16:25:12.0078 4704 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:25:12.0078 4704 Udfs - ok
16:25:12.0078 4704 uisp - ok
16:25:12.0109 4704 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:25:12.0109 4704 ultra - ok
16:25:12.0156 4704 UMAXPCLS - ok
16:25:12.0203 4704 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:25:12.0203 4704 Update - ok
16:25:12.0281 4704 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:25:12.0296 4704 upnphost - ok
16:25:12.0328 4704 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:25:12.0328 4704 UPS - ok
16:25:12.0359 4704 upsentry_smart - ok
16:25:12.0375 4704 us30sys - ok
16:25:12.0406 4704 USBAAPL - ok
16:25:12.0437 4704 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:25:12.0437 4704 usbaudio - ok
16:25:12.0468 4704 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:25:12.0468 4704 usbccgp - ok
16:25:12.0546 4704 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:25:12.0546 4704 usbehci - ok
16:25:12.0593 4704 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:25:12.0593 4704 usbhub - ok
16:25:12.0640 4704 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:25:12.0640 4704 usbprint - ok
16:25:12.0718 4704 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:25:12.0718 4704 usbscan - ok
16:25:12.0765 4704 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:25:12.0765 4704 USBSTOR - ok
16:25:12.0859 4704 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:25:12.0859 4704 usbuhci - ok
16:25:12.0921 4704 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:25:12.0921 4704 usbvideo - ok
16:25:12.0968 4704 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:25:12.0968 4704 VgaSave - ok
16:25:13.0000 4704 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:25:13.0000 4704 viaagp - ok
16:25:13.0031 4704 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:25:13.0031 4704 ViaIde - ok
16:25:13.0046 4704 VirtualCam - ok
16:25:13.0062 4704 vmware - ok
16:25:13.0093 4704 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:25:13.0093 4704 VolSnap - ok
16:25:13.0187 4704 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:25:13.0203 4704 VSS - ok
16:25:13.0250 4704 vwlogger - ok
16:25:13.0265 4704 w200mdfl - ok
16:25:13.0281 4704 w300mdfl - ok
16:25:13.0312 4704 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:25:13.0328 4704 w32time - ok
16:25:13.0406 4704 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
16:25:13.0421 4704 w39n51 - ok
16:25:13.0500 4704 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:25:13.0500 4704 Wanarp - ok
16:25:13.0531 4704 wanatw - ok
16:25:13.0546 4704 WDICA - ok
16:25:13.0562 4704 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:25:13.0562 4704 wdmaud - ok
16:25:13.0609 4704 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:25:13.0625 4704 WebClient - ok
16:25:13.0640 4704 webfilter - ok
16:25:13.0703 4704 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:25:13.0718 4704 winachsf - ok
16:25:13.0765 4704 winachsx - ok
16:25:13.0843 4704 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:25:13.0843 4704 winmgmt - ok
16:25:13.0937 4704 WLANKEEPER (c2ed9211101f3c9cf70b9cbdb3e99c8c) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
16:25:13.0937 4704 WLANKEEPER - ok
16:25:14.0015 4704 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:25:14.0031 4704 WmdmPmSN - ok
16:25:14.0093 4704 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:25:14.0093 4704 WmiAcpi - ok
16:25:14.0156 4704 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:25:14.0156 4704 WmiApSrv - ok
16:25:14.0171 4704 wmp54gssvc - ok
16:25:14.0296 4704 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
16:25:14.0343 4704 WMPNetworkSvc - ok
16:25:14.0484 4704 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:25:14.0484 4704 WS2IFSL - ok
16:25:14.0531 4704 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:25:14.0531 4704 WSTCODEC - ok
16:25:14.0562 4704 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:25:14.0578 4704 wuauserv - ok
16:25:14.0609 4704 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:25:14.0625 4704 WudfPf - ok
16:25:14.0656 4704 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:25:14.0671 4704 WudfSvc - ok
16:25:14.0718 4704 wusb54gv2svc - ok
16:25:14.0781 4704 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:25:14.0796 4704 WZCSVC - ok
16:25:14.0843 4704 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:25:14.0859 4704 xmlprov - ok
16:25:14.0875 4704 ZDCNDIS5 - ok
16:25:14.0906 4704 {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} - ok
16:25:14.0937 4704 MBR (0x1B8) (dea9e81f0228b68c9adaf84c9b0cf931) \Device\Harddisk0\DR0
16:25:14.0984 4704 \Device\Harddisk0\DR0 - ok
16:25:15.0000 4704 Boot (0x1200) (5e0bcb2121f888eecc9a60ffd741de39) \Device\Harddisk0\DR0\Partition0
16:25:15.0000 4704 \Device\Harddisk0\DR0\Partition0 - ok
16:25:15.0031 4704 Boot (0x1200) (55bfd6beb343370b4cd378727f5db448) \Device\Harddisk0\DR0\Partition1
16:25:15.0031 4704 \Device\Harddisk0\DR0\Partition1 - ok
16:25:15.0031 4704 ============================================================
16:25:15.0031 4704 Scan finished
16:25:15.0031 4704 ============================================================
16:25:15.0031 4176 Detected object count: 4
16:25:15.0031 4176 Actual detected object count: 4
16:25:55.0421 4176 LVUVC ( ForgedFile.Multi.Generic ) - skipped by user
16:25:55.0421 4176 LVUVC ( ForgedFile.Multi.Generic ) - User select action: Skip
16:25:55.0578 4176 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
16:25:56.0078 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\@ - copied to quarantine
16:25:56.0203 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\cfg.ini - copied to quarantine
16:25:56.0265 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\Desktop.ini - copied to quarantine
16:25:56.0484 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\L\odetmngk - copied to quarantine
16:25:56.0515 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\oemid - copied to quarantine
16:25:56.0562 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\00000001.@ - copied to quarantine
16:25:56.0734 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\00000002.@ - copied to quarantine
16:25:56.0875 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\00000004.@ - copied to quarantine
16:25:57.0031 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\80000000.@ - copied to quarantine
16:25:57.0203 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\80000004.@ - copied to quarantine
16:26:08.0390 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\80000032.@ - copied to quarantine
16:26:08.0703 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\version - copied to quarantine
16:26:14.0968 4176 Backup copy found, using it..
16:26:14.0984 4176 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
16:26:17.0734 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\@ - will be deleted on reboot
16:26:17.0734 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\cfg.ini - will be deleted on reboot
16:26:17.0734 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\Desktop.ini - will be deleted on reboot
16:26:17.0765 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\oemid - will be deleted on reboot
16:26:17.0796 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\00000001.@ - will be deleted on reboot
16:26:17.0796 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\00000002.@ - will be deleted on reboot
16:26:17.0796 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\00000004.@ - will be deleted on reboot
16:26:17.0796 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\80000000.@ - will be deleted on reboot
16:26:17.0796 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\80000004.@ - will be deleted on reboot
16:26:17.0796 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\U\80000032.@ - will be deleted on reboot
16:26:17.0796 4176 C:\WINDOWS\$NtUninstallKB33595$\1586224560\version - will be deleted on reboot
16:26:17.0796 4176 C:\WINDOWS\$NtUninstallKB33595$\602179873 - will be deleted on reboot
16:26:17.0796 4176 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
16:26:17.0796 4176 NETw4x32 ( ForgedFile.Multi.Generic ) - skipped by user
16:26:17.0796 4176 NETw4x32 ( ForgedFile.Multi.Generic ) - User select action: Skip
16:26:17.0796 4176 osppsvc ( ForgedFile.Multi.Generic ) - skipped by user
16:26:17.0796 4176 osppsvc ( ForgedFile.Multi.Generic ) - User select action: Skip
16:28:21.0546 5924 Deinitialize success

 

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 16:51:40
-----------------------------
16:51:40.203 OS Version: Windows 5.1.2600 Service Pack 3
16:51:40.203 Number of processors: 2 586 0xE08
16:51:40.203 ComputerName: BRANDON UserName:
16:51:42.578 Initialize success
16:52:03.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:52:03.531 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 93958MB BusType: 3
16:52:03.546 Disk 0 MBR read successfully
16:52:03.546 Disk 0 MBR scan
16:52:03.546 Disk 0 unknown MBR code
16:52:03.546 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
16:52:03.562 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 68284 MB offset 96390
16:52:03.578 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 22042 MB offset 139958280
16:52:03.609 Disk 0 Partition 4 00 DB CP/M / CTOS MSWIN4.1 3569 MB offset 185100930
16:52:03.609 Disk 0 scanning sectors +192410505
16:52:03.625 Disk 0 PE file @ sector 192410505 !
16:52:03.671 Disk 0 scanning C:\WINDOWS\system32\drivers
16:52:22.328 Service scanning
16:52:41.234 Modules scanning
16:52:50.953 Disk 0 trace - called modules:
16:52:50.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
16:52:50.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abbbab8]
16:52:50.984 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000080[0x8ab57f18]
16:52:50.984 5 ACPI.sys[b9f68620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ab9a940]
16:52:50.984 Scan finished successfully
16:55:07.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Brandon McGahee\Desktop\MBR.dat "
16:55:07.296 The log file has been saved successfully to "C:\Documents and Settings\Brandon McGahee\Desktop\aswMBR.txt "

 

ComboFix 12-04-01.01 - Brandon McGahee 04/01/2012 17:55:45.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1199 [GMT -4:00]
Running from: c:\documents and settings\Brandon McGahee\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Brandon McGahee\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Brandon McGahee\WINDOWS
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dsNcAdpt.dll
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 20:25 . 2012-04-01 20:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-01 05:15 . 2012-04-01 05:15 57176 ----a-w- c:\windows\RGI580.tmp
2012-03-28 00:02 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B20582E6-DF5E-470E-8850-B1F47903BB60}\mpengine.dll
2012-03-18 02:12 . 2012-03-18 02:12 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 02:12 . 2012-03-18 02:12 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 21:59 . 2012-01-02 03:53 4784 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-01 20:29 . 2004-08-10 17:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-14 02:15 . 2006-08-17 03:36 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-23 13:18 . 2011-06-10 02:56 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 20:30 . 2011-05-14 16:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-10 17:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2004-08-10 18:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 06:37 . 2011-06-21 06:37 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-03-18 02:12 . 2011-06-25 23:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2010-08-19 21:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold "= "c:\program files\NetWaiting\NetWaiting.exe" [2003-09-10 20480]
"Logitech Vid "= "c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"Messenger (Yahoo!) "= "c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch "= "c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-08 669936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService "= "c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"LogitechQuickCamRibbon "= "c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"BCSSync "= "c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"LifeCam "= "c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2011-09-24 421888]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe "= "c:\program files\real\realplayer\update\realsched.exe" [2011-12-31 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch "= "c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-08 669936]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-5-16 1581056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-10 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@= "Service "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
"DisableNotifications "= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"c:\\Program Files\\utorrent\\utorrent.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe "=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe "=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe "=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe "=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=
"c:\\Program Files\\Opera\\opera.exe "=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe "=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/2/2009 3:16 PM 64160]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/19/2010 5:21 PM 89792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1036104]
R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 5:21 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 5:21 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/19/2010 5:22 PM 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/19/2010 5:21 PM 150856]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/19/2010 5:21 PM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/19/2010 5:21 PM 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/19/2010 5:21 PM 83856]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/19/2010 5:21 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/19/2010 5:21 PM 87656]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/27/2010 4:22 PM 30576]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 5:28 AM 4639136]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
pdlnatcm
{834170a7-af3b-4d34-a757-e05eb29ee96d}
ngdbserv
L8042Kbd
elockservice
avgascln
webfilter
tdrpman
upsentry_smart
AVRec
savrtpel
se2Dnd5
cfsvcs
bt3cser
nvmpu401
acrotray
cxusb
epfw
aksusb
oracleformsserver-forms60server-oraform
omniserv
hidgame
s125obex
ICM10USB
elagopro
SQLAgent$ABBEYIIOFFLINE
sfhlp02
nchssvad
aaksrv
tcpip6
backupexecnotificationserver
sfhlp01
DSXUSB
vwlogger
tdcmdpst
UMAXPCLS
pavprsrv
F700imd
DM9102
msftesql
regmanserv
dot4usb
MSMQTriggers
pcnet
ftrtsvc
NETGEAR_MA111
us30sys
w300mdfl
pdlnslea
BUFADPT
nvstor32
cwafreportscheduler
mcpromgr
wmp54gssvc
nvidesm
nlsvc
eelsservice
rkhdrv31
ATIVXSTW
eelogsvc
wusb54gv2svc
tosrfcom
netsvc
oracleorahome811cman
ATIBTCAP
thkeys
pptchpad
tunnelguardservice
defragfs
SWUMX20
MaRdPnp
A4S2600
msmpsvc
roxmediadb
ccflic0
{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}
rtport
cidaemon
midisyn
razerusb
SE2Dmgmt
ZDCNDIS5
ctusfsyn
winachsx
nvnetbus
w200mdfl
lxcf_device
RESMGR
elnkservice
tos_sps32
vmware
ipsecmon
uisp
nvpvrmon
pmj151la
starwindservice
epstnt01
DSI_SiUSBXp_3_1
procmon10
dvd-ram_service
thinkpadmodemservice
STV680m
bocdrive
VirtualCam
entertainment
belgium_id_card_service
USBAAPL
g400
cfgwzsvc
TMHIDSRV
qmofiltr
rimusb
usbvm321
ser2plms
Intels51
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:16]
.
2012-03-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2012-04-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1915563299-3972609359-212629399-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]
.
2012-03-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1915563299-3972609359-212629399-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]
.
.
------- Supplementary Scan -------
.
uStart Page = www.msn.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-eTrustPPAP - c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
SafeBoot-33540986.sys
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 18:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
"Q "=hex:51
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
"Q "=hex:51
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÃE¼]
"Q "=hex:51
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-04-01 18:12:47
ComboFix-quarantined-files.txt 2012-04-01 22:12
.
Pre-Run: 35,283,156,992 bytes free
Post-Run: 35,704,807,424 bytes free
.
- - End Of File - - EABE785C958BFBA97A8239E2D3288647

 

The computer is running much better now. I have not seen any of the "trojan removed" pop-up messages from McAfee since we ran TDSSKiller. Overall performance is better, too. I have not done any tests with IE yet, but I will try that next.

Here is the OTL.Txt file (part 1 of 2)
OTL logfile created on: 4/1/2012 9:54:09 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Brandon McGahee\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.06% Memory free
3.85 Gb Paging File | 3.23 Gb Available in Paging File | 83.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 33.33 Gb Free Space | 49.98% Space Free | Partition Type: NTFS
Drive D: | 21.53 Gb Total Space | 21.46 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Computer Name: BRANDON | User Name: Brandon McGahee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 21:41:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
PRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/06/08 15:16:12 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/08 15:16:12 | 000,528,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 14:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/08 15:16:19 | 000,090,592 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2011/06/08 15:16:18 | 001,640,216 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
MOD - [2011/06/08 15:16:17 | 000,256,424 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2009/07/03 10:49:08 | 000,168,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/08 14:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/05/17 14:42:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snare.dll -- (ZDCNDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\awecho.dll -- (wusb54gv2svc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\buslogic.dll -- (wmp54gssvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxliveshare9.dll -- (winachsx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mskssrv.dll -- (webfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snareiis.dll -- (w300mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vncmirror.dll -- (w200mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlsetupsvc.dll -- (vwlogger)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rsvp.dll -- (vmware)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\U81xbus.dll -- (VirtualCam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s117mdfl.dll -- (USBAAPL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ohci1394.dll -- (us30sys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mrxsmb.dll -- (upsentry_smart)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GBFSHook.dll -- (UMAXPCLS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Nsynas32.dll -- (uisp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsmservice.dll -- (tunnelguardservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imapiservice.dll -- (tosrfcom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wpdusb.dll -- (tos_sps32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pmsveh.dll -- (TMHIDSRV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TIEHDUSB.dll -- (thkeys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acedrv07.dll -- (tdrpman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsRamDsk.dll -- (tdcmdpst)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ARCSOFTVIRTUALCAPTURE.dll -- (tcpip6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmpnetworksvc.dll -- (SWUMX20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AIRPLUS.dll -- (STV680m)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ose.dll -- (starwindservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctxhttp.dll -- (SQLAgent$ABBEYIIOFFLINE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmindexingservice.dll -- (sfhlp02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\yukonwxp.dll -- (sfhlp01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prevxagent.dll -- (se2Dnd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\motoswitchservice.dll -- (SE2Dmgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PciBus.dll -- (savrtpel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Ebus.dll -- (s125obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSTAPE.dll -- (rtport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (roxmediadb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\icdsptsv.dll -- (rimusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndasbus.dll -- (RESMGR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wfxsvc.dll -- (regmanserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsndrct.dll -- (razerusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trayman.dll -- (qmofiltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bcoreusb.dll -- (pptchpad)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enum1394.dll -- (pmj151la)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stirusb.dll -- (pdlnslea)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isapisearch.dll -- (pdlnatcm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eloggersvc6.dll -- (pcnet)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mdm.dll -- (pavprsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sglogplayer.dll -- (oracleorahome811cman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GBDevice.dll -- (oracleformsserver-forms60server-oraform)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\merakpop3.dll -- (omniserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\defragfs.dll -- (nvstor32) BLKWGU(Belkin)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siskp.dll -- (nvpvrmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nm.dll -- (nvnetbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qbposdbservices.dll -- (nvmpu401)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll -- (nvidesm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BUFADPT.dll -- (nlsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdengine.dll -- (netsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmnetadapter.dll -- (NETGEAR_MA111)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwlsvc.dll -- (nchssvad)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SerTVOutCtlr.dll -- (MSMQTriggers)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcEKIOMngr.dll -- (msmpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinger.dll -- (msftesql)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntservice1.dll -- (midisyn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rimsptsk.dll -- (mcpromgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mfeapfk.dll -- (MaRdPnp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsssvc.dll -- (lxcf_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sbcssvc.dll -- (ipsecmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TeamViewer.dll -- (ICM10USB)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rpcsvr4x.dll -- (hidgame)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\crcdisk.dll -- (g400)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlapoolm.dll -- (ftrtsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\digirefresh.dll -- (F700imd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epfwndis.dll -- (epstnt01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\edspport.dll -- (epfw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PGPdisk.dll -- (entertainment)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mdc8021x.dll -- (elockservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ppped.dll -- (elnkservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stllssvr.dll -- (elagopro)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomeagent.dll -- (eelsservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfbnp.dll -- (eelogsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WINUSB.dll -- (dvd-ram_service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SiSRaid.dll -- (DSXUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SABSVC.dll -- (DSI_SiUSBXp_3_1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FlexBios.dll -- (dot4usb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viairda.dll -- (DM9102)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lkclassads.dll -- (defragfs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlaifs_m.dll -- (cxusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Defrag32b.dll -- (cwafreportscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sit_prt.dll -- (ctusfsyn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RDID1027.dll -- (cidaemon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ngdbserv.dll -- (cfsvcs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ahcix86s.dll -- (cfgwzsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (ccflic0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ar5211.dll -- (BUFADPT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sony_ssm.sys.dll -- (bt3cser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kodakccs.dll -- (bocdrive)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LMouFilt.dll -- (belgium_id_card_service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UBHelper.dll -- (backupexecnotificationserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\idsvc.dll -- (AVRec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\suservice.dll -- (avgascln)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (ATIBTCAP)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsmon.dll -- (aksusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DgiVecp.dll -- (acrotray)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bmdfl.dll -- (aaksrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rt2500usb.dll -- (A4S2600)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZTEusbmdm6k.dll -- ({85ccb53b-23d8-4e73-b1b7-9ddb71827d9b})
SRV - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/06/08 15:16:12 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/09/28 22:02:26 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcfcoms.exe -- (dlcf_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CamDrL20.sys -- (PhilCam8116_XP) Logitech QuickCam Pro 3000(PID_08B1)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/10/15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 14:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/10/15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/10/15 14:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/10/15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/03 10:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/26 11:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:24:48 | 000,095,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/08 07:14:00 | 000,498,816 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/06/22 18:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2006/05/24 19:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 19:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 19:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 19:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 19:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 19:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 18:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 18:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/16 00:39:00 | 001,421,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/04 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/29 16:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 128.59.20.227:3124

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 128.59.20.227:3124

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]

IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com/
IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]
IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\SearchScopes,DefaultScope = {8F1F6F3C-A7F8-48D4-A6A6-D16291A3082E}
IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\SearchScopes\{8F1F6F3C-A7F8-48D4-A6A6-D16291A3082E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial "
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http: "127.0.0.1 "
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/04/01 18:02:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/31 01:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 22:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 07:59:58 | 000,000,000 | ---D | M]

[2010/05/08 21:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Extensions
[2012/03/03 15:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions
[2010/05/08 22:21:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/08 22:22:19 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2012/03/03 15:56:30 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/31 01:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BRANDON MCGAHEE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6AKBZGC3.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2010/06/13 02:10:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/17 22:12:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/06/21 02:37:38 | 000,289,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/06/21 02:37:44 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/16 21:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/16 21:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 21:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/16 21:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/16 21:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/04/01 18:10:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111224063224.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158294370062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB4701E-7992-43BE-B3E3-AA95F43D6B7F}: DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

OTL.Txt (Part 2 of 2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: pdlnatcm - %systemroot%\system32\isapisearch.dll File not found
NetSvcs: {834170a7-af3b-4d34-a757-e05eb29ee96d} - File not found
NetSvcs: ngdbserv - File not found
NetSvcs: L8042Kbd - File not found
NetSvcs: elockservice - %systemroot%\system32\mdc8021x.dll File not found
NetSvcs: avgascln - %systemroot%\system32\suservice.dll File not found
NetSvcs: webfilter - %systemroot%\system32\mskssrv.dll File not found
NetSvcs: tdrpman - %systemroot%\system32\acedrv07.dll File not found
NetSvcs: upsentry_smart - %systemroot%\system32\mrxsmb.dll File not found
NetSvcs: AVRec - %systemroot%\system32\idsvc.dll File not found
NetSvcs: savrtpel - %systemroot%\system32\PciBus.dll File not found
NetSvcs: se2Dnd5 - %systemroot%\system32\prevxagent.dll File not found
NetSvcs: cfsvcs - %systemroot%\system32\ngdbserv.dll File not found
NetSvcs: bt3cser - %systemroot%\system32\sony_ssm.sys.dll File not found
NetSvcs: nvmpu401 - %systemroot%\system32\qbposdbservices.dll File not found
NetSvcs: acrotray - %systemroot%\system32\DgiVecp.dll File not found
NetSvcs: cxusb - %systemroot%\system32\dlaifs_m.dll File not found
NetSvcs: epfw - %systemroot%\system32\edspport.dll File not found
NetSvcs: aksusb - %systemroot%\system32\vsmon.dll File not found
NetSvcs: oracleformsserver-forms60server-oraform - %systemroot%\system32\GBDevice.dll File not found
NetSvcs: omniserv - %systemroot%\system32\merakpop3.dll File not found
NetSvcs: hidgame - %systemroot%\system32\rpcsvr4x.dll File not found
NetSvcs: s125obex - %systemroot%\system32\SE2Ebus.dll File not found
NetSvcs: ICM10USB - %systemroot%\system32\TeamViewer.dll File not found
NetSvcs: elagopro - %systemroot%\system32\stllssvr.dll File not found
NetSvcs: SQLAgent$ABBEYIIOFFLINE - %systemroot%\system32\ctxhttp.dll File not found
NetSvcs: sfhlp02 - %systemroot%\system32\nmindexingservice.dll File not found
NetSvcs: nchssvad - %systemroot%\system32\mwlsvc.dll File not found
NetSvcs: aaksrv - %systemroot%\system32\SE2Bmdfl.dll File not found
NetSvcs: tcpip6 - %systemroot%\system32\ARCSOFTVIRTUALCAPTURE.dll File not found
NetSvcs: backupexecnotificationserver - %systemroot%\system32\UBHelper.dll File not found
NetSvcs: sfhlp01 - %systemroot%\system32\yukonwxp.dll File not found
NetSvcs: DSXUSB - %systemroot%\system32\SiSRaid.dll File not found
NetSvcs: vwlogger - %systemroot%\system32\wlsetupsvc.dll File not found
NetSvcs: tdcmdpst - %systemroot%\system32\fsRamDsk.dll File not found
NetSvcs: UMAXPCLS - %systemroot%\system32\GBFSHook.dll File not found
NetSvcs: pavprsrv - %systemroot%\system32\s616mdm.dll File not found
NetSvcs: F700imd - %systemroot%\system32\digirefresh.dll File not found
NetSvcs: DM9102 - %systemroot%\system32\viairda.dll File not found
NetSvcs: msftesql - %systemroot%\system32\pinger.dll File not found
NetSvcs: regmanserv - %systemroot%\system32\wfxsvc.dll File not found
NetSvcs: dot4usb - %systemroot%\system32\FlexBios.dll File not found
NetSvcs: MSMQTriggers - %systemroot%\system32\SerTVOutCtlr.dll File not found
NetSvcs: pcnet - %systemroot%\system32\eloggersvc6.dll File not found
NetSvcs: ftrtsvc - %systemroot%\system32\dlapoolm.dll File not found
NetSvcs: NETGEAR_MA111 - %systemroot%\system32\vmnetadapter.dll File not found
NetSvcs: us30sys - %systemroot%\system32\ohci1394.dll File not found
NetSvcs: w300mdfl - %systemroot%\system32\snareiis.dll File not found
NetSvcs: pdlnslea - %systemroot%\system32\stirusb.dll File not found
NetSvcs: BUFADPT - %systemroot%\system32\ar5211.dll File not found
NetSvcs: nvstor32 - %systemroot%\system32\defragfs.dll File not found
NetSvcs: cwafreportscheduler - %systemroot%\system32\Defrag32b.dll File not found
NetSvcs: mcpromgr - %systemroot%\system32\rimsptsk.dll File not found
NetSvcs: wmp54gssvc - %systemroot%\system32\buslogic.dll File not found
NetSvcs: nvidesm - %systemroot%\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll File not found
NetSvcs: nlsvc - %systemroot%\system32\BUFADPT.dll File not found
NetSvcs: eelsservice - %systemroot%\system32\oracleorahomeagent.dll File not found
NetSvcs: rkhdrv31 - File not found
NetSvcs: ATIVXSTW - File not found
NetSvcs: eelogsvc - %systemroot%\system32\tosrfbnp.dll File not found
NetSvcs: wusb54gv2svc - %systemroot%\system32\awecho.dll File not found
NetSvcs: tosrfcom - %systemroot%\system32\imapiservice.dll File not found
NetSvcs: netsvc - %systemroot%\system32\pdengine.dll File not found
NetSvcs: oracleorahome811cman - %systemroot%\system32\sglogplayer.dll File not found
NetSvcs: ATIBTCAP - %systemroot%\system32\symc8xx.dll File not found
NetSvcs: thkeys - %systemroot%\system32\TIEHDUSB.dll File not found
NetSvcs: pptchpad - %systemroot%\system32\bcoreusb.dll File not found
NetSvcs: tunnelguardservice - %systemroot%\system32\tsmservice.dll File not found
NetSvcs: defragfs - %systemroot%\system32\lkclassads.dll File not found
NetSvcs: SWUMX20 - %systemroot%\system32\wmpnetworksvc.dll File not found
NetSvcs: MaRdPnp - %systemroot%\system32\mfeapfk.dll File not found
NetSvcs: A4S2600 - %systemroot%\system32\rt2500usb.dll File not found
NetSvcs: msmpsvc - %systemroot%\system32\SrvcEKIOMngr.dll File not found
NetSvcs: roxmediadb - %systemroot%\system32\carboniteservice.dll File not found
NetSvcs: ccflic0 - %systemroot%\system32\nmwcdc.dll File not found
NetSvcs: {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} - %systemroot%\system32\ZTEusbmdm6k.dll File not found
NetSvcs: rtport - %systemroot%\system32\MSTAPE.dll File not found
NetSvcs: cidaemon - %systemroot%\system32\RDID1027.dll File not found
NetSvcs: midisyn - %systemroot%\system32\ntservice1.dll File not found
NetSvcs: razerusb - %systemroot%\system32\tfsndrct.dll File not found
NetSvcs: SE2Dmgmt - %systemroot%\system32\motoswitchservice.dll File not found
NetSvcs: ZDCNDIS5 - %systemroot%\system32\snare.dll File not found
NetSvcs: ctusfsyn - %systemroot%\system32\sit_prt.dll File not found
NetSvcs: winachsx - %systemroot%\system32\roxliveshare9.dll File not found
NetSvcs: nvnetbus - %systemroot%\system32\nm.dll File not found
NetSvcs: w200mdfl - %systemroot%\system32\vncmirror.dll File not found
NetSvcs: lxcf_device - %systemroot%\system32\fsssvc.dll File not found
NetSvcs: RESMGR - %systemroot%\system32\ndasbus.dll File not found
NetSvcs: elnkservice - %systemroot%\system32\ppped.dll File not found
NetSvcs: tos_sps32 - %systemroot%\system32\wpdusb.dll File not found
NetSvcs: vmware - %systemroot%\system32\rsvp.dll File not found
NetSvcs: ipsecmon - %systemroot%\system32\sbcssvc.dll File not found
NetSvcs: uisp - %systemroot%\system32\Nsynas32.dll File not found
NetSvcs: nvpvrmon - %systemroot%\system32\siskp.dll File not found
NetSvcs: pmj151la - %systemroot%\system32\enum1394.dll File not found
NetSvcs: starwindservice - %systemroot%\system32\ose.dll File not found
NetSvcs: epstnt01 - %systemroot%\system32\Epfwndis.dll File not found
NetSvcs: DSI_SiUSBXp_3_1 - %systemroot%\system32\SABSVC.dll File not found
NetSvcs: procmon10 - File not found
NetSvcs: dvd-ram_service - %systemroot%\system32\WINUSB.dll File not found
NetSvcs: thinkpadmodemservice - File not found
NetSvcs: STV680m - %systemroot%\system32\AIRPLUS.dll File not found
NetSvcs: bocdrive - %systemroot%\system32\kodakccs.dll File not found
NetSvcs: VirtualCam - %systemroot%\system32\U81xbus.dll File not found
NetSvcs: entertainment - %systemroot%\system32\PGPdisk.dll File not found
NetSvcs: belgium_id_card_service - %systemroot%\system32\LMouFilt.dll File not found
NetSvcs: USBAAPL - %systemroot%\system32\s117mdfl.dll File not found
NetSvcs: g400 - %systemroot%\system32\crcdisk.dll File not found
NetSvcs: cfgwzsvc - %systemroot%\system32\ahcix86s.dll File not found
NetSvcs: TMHIDSRV - %systemroot%\system32\pmsveh.dll File not found
NetSvcs: qmofiltr - %systemroot%\system32\trayman.dll File not found
NetSvcs: rimusb - %systemroot%\system32\icdsptsv.dll File not found
NetSvcs: usbvm321 - File not found
NetSvcs: ser2plms - File not found
NetSvcs: Intels51 - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 21:49:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/01 21:41:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
[2012/04/01 21:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/04/01 17:46:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/01 17:46:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/01 17:46:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/01 17:46:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/01 17:46:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/01 16:25:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/26 13:41:12 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brandon McGahee\Desktop\TDSSKiller.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/01 21:41:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
[2012/04/01 18:10:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/01 17:54:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/01 17:54:41 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1915563299-3972609359-212629399-1006.job
[2012/04/01 17:54:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/01 17:54:14 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/01 16:55:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\MBR.dat
[2012/04/01 14:11:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/31 00:40:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1915563299-3972609359-212629399-1006.job
[2012/03/30 23:04:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/27 18:27:06 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brandon McGahee\Desktop\TDSSKiller.exe
[2012/03/13 21:57:05 | 000,231,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/13 21:28:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 17:46:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/01 17:46:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/01 17:46:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/01 17:46:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/01 17:46:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/01 13:56:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/01 13:49:31 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\MBR.dat
[2012/01/31 08:56:49 | 000,505,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/11 10:37:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

========== LOP Check ==========

[2011/03/04 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aPjLaDj09000
[2010/03/26 12:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/02/23 09:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bDeOjKc06511
[2006/11/23 21:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/03/04 20:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dBlGlCg15406
[2010/01/27 16:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/06 22:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/09/04 02:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2007/11/20 01:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/08/30 14:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/06/10 00:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/03 04:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2011/05/16 20:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\ElevatedDiagnostics
[2008/08/31 17:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\ICAClient
[2008/09/21 23:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Leadertech
[2011/10/16 03:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Opera
[2008/08/31 16:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Runaware
[2010/05/28 16:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\webex
[2010/04/07 01:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Windows Live Writer
[2012/02/08 16:16:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/03/27 18:27:06 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/07/04 00:38:03 | 000,000,036 | RHS- | M] () -- C:\.uid_xxx
[2012/04/01 17:54:12 | 000,316,060 | ---- | M] () -- C:\aaw7boot.log
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/09 03:32:29 | 000,022,743 | ---- | M] () -- C:\BBS GMER Post.txt
[2008/06/08 07:20:24 | 000,002,599 | ---- | M] () -- C:\BCG.p10
[2006/08/15 19:32:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/05 00:30:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/11/14 20:57:52 | 000,007,850 | ---- | M] () -- C:\caisslog.txt
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2012/04/01 18:12:48 | 000,013,976 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/08/10 11:27:30 | 000,006,414 | RH-- | M] () -- C:\dell.sdr
[2012/04/01 17:53:11 | 000,406,725 | ---- | M] () -- C:\dlcf.log
[2012/02/04 20:50:18 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2010/06/09 00:51:23 | 000,006,276 | ---- | M] () -- C:\GMER Before Scan.log
[2010/06/09 02:16:46 | 000,004,035 | ---- | M] () -- C:\GMER Completed Scan - Bottom of Log.log
[2010/06/09 01:15:38 | 000,010,872 | ---- | M] () -- C:\GMER Partial Scan.log
[2012/04/01 17:54:14 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2006/08/15 23:13:10 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/08/10 11:53:52 | 000,000,829 | -H-- | M] () -- C:\IPH.PH
[2011/09/29 00:30:07 | 000,026,025 | ---- | M] () -- C:\JavaRa.log
[2006/08/15 23:33:56 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2007/04/16 22:09:48 | 000,003,442 | ---- | M] () -- C:\lvcoinst.log
[2010/06/06 21:29:54 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/26 07:41:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/04/01 17:54:12 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/07/06 20:24:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/07/07 03:05:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/07/07 04:55:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/07/07 03:26:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/07/24 02:22:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/07/25 22:29:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/24 06:03:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/25 16:19:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/26 02:28:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/26 15:34:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/27 20:47:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/03/01 19:39:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/03/02 10:34:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/02 09:44:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/05/02 14:13:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/05/03 12:42:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/05/19 08:56:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/05/20 09:46:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/06/19 21:55:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/06/20 00:31:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/06/20 00:31:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/07/06 20:24:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/07/07 04:55:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/07/07 03:05:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/07/07 03:26:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/07/24 02:22:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/07/25 22:29:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/24 06:03:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/25 16:19:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/26 02:28:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/26 15:34:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/09/27 20:47:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/03/01 19:39:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/03/02 10:34:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/02 09:44:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/05/02 14:13:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/05/03 12:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/05/19 08:56:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/05/20 09:46:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/06/19 21:55:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2006/08/10 11:54:02 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2010/03/11 01:38:37 | 002,121,728 | -H-- | M] () -- C:\SZKGFS.dat
[2011/12/30 23:22:42 | 000,076,838 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_30.12.2011_22.21.57_log.txt
[2011/10/11 07:33:25 | 000,076,780 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_11.10.2011_07.31.37_log.txt
[2012/04/01 16:28:21 | 000,127,322 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_16.24.25_log.txt
[2008/09/27 23:58:57 | 000,005,952 | ---- | M] () -- C:\WirelessDiagLog.csv
[2009/09/01 13:35:11 | 000,000,162 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 14:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/09/29 12:28:54 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcfPP5C.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/12/10 09:24:06 | 000,082,168 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/06/09 12:33:42 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\3 Months Free NetZero.exe
[2008/08/26 07:47:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/08/15 18:00:45 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Brandon McGahee\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 14:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/03/22 04:54:47 | 034,595,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\Desktop\7.0.0.538f-sdsetup.exe
[2007/08/29 00:12:42 | 000,591,136 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Brandon McGahee\Desktop\DMSetup.exe
[2008/07/06 13:23:16 | 007,496,920 | ---- | M] (Mozilla) -- C:\Documents and Settings\Brandon McGahee\Desktop\Firefox Setup 3.0.exe
[2009/11/22 21:07:55 | 001,183,536 | ---- | M] (Boingo Wireless, Inc.) -- C:\Documents and Settings\Brandon McGahee\Desktop\GoBoingo_YgByAGEAbgBkAG8AbgA1AA==_YQB0AGwAYQBuAHQAYQA=_GoBoingo.exe
[2009/09/03 19:56:49 | 000,046,157 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Brandon McGahee\Desktop\GooredFix.exe
[2010/04/07 20:22:16 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon McGahee\Desktop\mbam-setup.exe
[2007/04/30 07:08:53 | 000,907,624 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\MM061A12.EXE
[2007/05/28 04:55:04 | 000,908,139 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\MM061A14.EXE
[2012/04/01 21:41:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
[2011/10/11 07:55:50 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\Brandon McGahee\Desktop\PSISetup.exe
[2007/05/21 00:38:26 | 094,664,384 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\R138747.EXE
[2007/05/02 01:36:49 | 012,711,440 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Brandon McGahee\Desktop\RealPlayer10-5GOLD.exe
[2008/05/04 13:04:43 | 022,300,968 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Brandon McGahee\Desktop\SkypeSetup.exe
[2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brandon McGahee\Desktop\TDSSKiller.exe
[2011/10/11 07:38:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\TFC(1).exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/02/08 16:16:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2004/08/04 06:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/03/27 18:27:06 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/01 17:54:41 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1915563299-3972609359-212629399-1006.job
[2012/03/31 00:40:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1915563299-3972609359-212629399-1006.job
[2012/04/01 18:12:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2010/10/20 23:23:26 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/08/09 21:18:39 | 111,864,418 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\5704xdat.exe
[2010/03/22 04:54:47 | 034,595,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\My Documents\7.0.0.538f-sdsetup.exe
[2009/09/02 15:12:13 | 060,857,536 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Brandon McGahee\My Documents\Ad-AwareAE.exe
[2009/09/03 06:29:22 | 000,848,656 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Brandon McGahee\My Documents\avg_avwt_stb_all_8_32.exe
[2008/07/06 03:56:38 | 002,919,360 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Brandon McGahee\My Documents\ccsetup209.exe
[2009/09/03 06:25:04 | 000,339,257 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\CleanUp452.exe
[2009/07/04 20:23:31 | 003,912,484 | ---- | M] (Mozilla) -- C:\Documents and Settings\Brandon McGahee\My Documents\Firefox Setup 3.5.exe
[2009/07/04 10:31:56 | 001,177,392 | ---- | M] (Boingo Wireless, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\GoBoingo_YgBtAGMAZwBhAGgAZQBlADcANQA=_YQB0AGwAYQBuAHQAYQA=_GoBoingo.exe
[2009/06/19 22:35:08 | 001,177,392 | ---- | M] (Boingo Wireless, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\GoBoingo_YgByAGEAbgBkAG8AbgA3ADUA_YQB0AGwAYQBuAHQAYQA=_GoBoingo.exe
[2010/02/07 00:26:29 | 001,183,536 | ---- | M] (Boingo Wireless, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\GoBoingo_YgByAGEAbgBkAG8AbgAuAG0AYwBnAGEAaABlAGUA_YgBvAGkAbgBnAG8A_GoBoingo.exe
[2009/08/29 01:44:23 | 000,001,985 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\GoBoingo_YgByAGEAbgBkAG8AbgAwADcAMAA1AA==_YQB0AGwAYQBuAHQAYQA=_GoBoingo.exe
[2009/09/03 03:09:44 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\HijackThis.exe
[2009/09/03 03:02:57 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\HijackThisInstaller.exe
[2010/01/27 16:40:55 | 004,955,456 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Brandon McGahee\My Documents\HitmanPro35.exe
[2008/07/06 12:57:36 | 001,495,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Brandon McGahee\My Documents\install_flash_player.exe
[2008/09/30 01:56:11 | 068,690,749 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\Intel_multi-device_A13_R171131.exe
[2008/10/30 22:09:33 | 000,607,640 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\jxpiinstall.exe
[2008/07/06 04:15:17 | 014,120,442 | ---- | M] ( ) -- C:\Documents and Settings\Brandon McGahee\My Documents\klcodec395f.exe
[2010/03/22 04:17:19 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon McGahee\My Documents\mbam-setup.exe
[2009/09/01 13:38:45 | 000,442,080 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\msgr9us.exe
[2010/02/11 20:27:08 | 250,204,240 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Brandon McGahee\My Documents\ProjectProfessional.exe
[2010/01/26 17:20:38 | 034,628,432 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\My Documents\sdsetup.exe
[2010/02/27 20:03:44 | 001,688,360 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Brandon McGahee\My Documents\SkypeSetup.exe
[2009/09/02 21:45:06 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Brandon McGahee\My Documents\spybotsd162.exe
[2010/03/22 02:46:44 | 000,502,168 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Brandon McGahee\My Documents\SpyHunter-Installer.exe
[2010/01/27 00:07:47 | 042,067,368 | ---- | M] (Webroot Software, Inc. ) -- C:\Documents and Settings\Brandon McGahee\My Documents\SpySweeperSNRSetup_EN.exe
[2009/09/03 16:09:12 | 000,390,656 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\STOPzilla_Setup.exe
[2008/08/31 16:59:14 | 000,555,288 | ---- | M] (Runaware, Inc) -- C:\Documents and Settings\Brandon McGahee\My Documents\TestDriveWizard-v1.4.1.exe
[2008/07/06 12:17:28 | 000,185,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Brandon McGahee\My Documents\uninstall_flash_player.exe
[2008/09/28 00:46:52 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Brandon McGahee\My Documents\WinsockxpFix.exe
[2010/03/16 18:53:22 | 013,837,640 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\winzip140.exe
[2008/08/31 17:11:53 | 248,975,048 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Brandon McGahee\My Documents\X12-30351.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/08/15 18:00:44 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Brandon McGahee\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/04/01 18:16:57 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Brandon McGahee\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2007/09/11 10:54:00 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

 

OTL Extras logfile created on: 4/1/2012 9:54:09 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Brandon McGahee\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.06% Memory free
3.85 Gb Paging File | 3.23 Gb Available in Paging File | 83.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 33.33 Gb Free Space | 49.98% Space Free | Partition Type: NTFS
Drive D: | 21.53 Gb Total Space | 21.46 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Computer Name: BRANDON | User Name: Brandon McGahee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D251F37-10CB-46DF-BFA0-4702218DB0B6}" = ATI Catalyst Control Center
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E6B3568-2337-4429-9E14-0D9D8157D45A}" = Network Recording Player
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{37888B36-58B5-41C6-BE67-B846BB4809FF}" = iS3 STOPzilla Toolbar
"{39A409D2-F7DF-4D52-B7F9-5E397A92B130}" = Belkin N1 Wireless USB Network Adapter Setup
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Color Printer 725" = Dell Color Printer 725
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Full)
"legacyqcam_10.00" = Logitech Legacy USB Camera Driver Package
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Opera 11.61.1250" = Opera 11.61
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 15.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VISPROR" = Microsoft Office Visio Professional 2007 Trial
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2012 1:23:14 AM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/1/2012 1:23:17 AM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 4/1/2012 10:09:00 AM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/1/2012 10:09:03 AM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 4/1/2012 4:34:20 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/1/2012 4:34:23 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 4/1/2012 5:59:05 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/1/2012 5:59:08 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 4/1/2012 6:13:58 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/1/2012 6:14:01 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

[ System Events ]
Error - 4/1/2012 5:54:22 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
Description = The Schscnt service terminated with the following error: %%126

Error - 4/1/2012 5:54:22 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
Description = The MTDVC2_ENUM service terminated with the following error: %%126

Error - 4/1/2012 5:54:22 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
Description = The Googledesktopmanager service terminated with the following error:
%%126

Error - 4/1/2012 5:54:22 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
Description = The PTDCVsp service terminated with the following error: %%126

Error - 4/1/2012 5:54:22 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
Description = The Cdr4_xp service terminated with the following error: %%126

Error - 4/1/2012 5:54:22 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
Description = The Dm1service service terminated with the following error: %%126

Error - 4/1/2012 5:54:22 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
Description = The Hibernation service terminated with the following error: %%126

Error - 4/1/2012 5:54:22 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
Description = The VIAPFD service terminated with the following error: %%126

Error - 4/1/2012 5:54:22 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
Description = The V2imount service terminated with the following error: %%126

Error - 4/1/2012 5:54:51 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

 

All processes killed
========== OTL ==========
Folder C:\Documents and Settings\All Users\Application Data\aPjLaDj09000\ not found.
Folder C:\Documents and Settings\All Users\Application Data\bDeOjKc06511\ not found.
Folder C:\Documents and Settings\All Users\Application Data\dBlGlCg15406\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Brandon McGahee
->Temp folder emptied: 151368 bytes
->Temporary Internet Files folder emptied: 7536448 bytes
->Java cache emptied: 1635112 bytes
->FireFox cache emptied: 61947507 bytes
->Opera cache emptied: 744587 bytes
->Flash cache emptied: 1357 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 1425 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 57176 bytes
%systemroot%\System32 .tmp files removed: 4784 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 593920 bytes

Total Files Cleaned = 69.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Brandon McGahee
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: Owner

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Brandon McGahee
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04012012_233346

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

I am having a problem installing the new version of Java. Each time I try, I get an error message saying "Internal Error 2753. regutils.dll "