
Solved Slow Performance after Removing Virus/Malware

Discussion in 'Malware and Virus Removal Archive' started by sambaker, 2012/08/09.

  1. 2012/08/09
    sambaker

    [Resolved] Slow Performance after Removing Virus/Malware

    I am experiencing extremely slow performance since I removed a virus/malware using Malwarebytes Anti-Malware a couple of days ago. I am also experiencing occasional Blue Screen system crashes. The Blue Screen crashes actually started with a couple of crashes over the last few weeks. Subsequent reboot attempts at that point were successful, so I just ignored those crashes. Then a couple of days ago, I was hit with a virus that took over my machine by changing the resolution of my desktop to make everything super large and then replacing the desktop with a notice saying it was from the FBI and I had to buy a Moneypak Green Dot card and use it to make a payment to fix the problem. Once the virus hit, every time I rebooted in normal mode, the same Moneypak screen would display over the over-sized desktop.

    I tried to reboot in Safe Mode, but I could not (consistently resulted in Blue Screen crashes before I could complete booting up). I eventually was able to get to Safe Mode by booting from Directory Services Restore Mode. Once I got to Safe Mode, I updated Malwarebytes and ran a scan. It identified about 7 problems that were removed or fixed. I was then able to boot up normally, but all of the shortcuts on my desktop were gone. So then I restored from a System Restore point from last weekend. The System Restore restored the Desktop shortcuts. Everything was ok for about a day or so, then I started experiencing extremely slow performance and more Blue Screen crashes. That is where I am now.

    I will include both of the Malwarebytes logs: the first one is the one that shows the original virus detection/removal. The second one is the next one I ran after I started experiencing slow performance that shows it detected nothing.

    First Malwarebytes log from 8/7/2012:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.07.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.11
    Brandon McGahee :: BRANDON [administrator]

    8/7/2012 10:22:30 PM
    mbam-log-2012-08-07 (22-22-30).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234760
    Time elapsed: 7 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|705A535B781A56 (Trojan.Cridex) -> Data: "C:\Documents and Settings\All Users\Application Data\705A535B781A56\705A535B781A56.exe" -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|705A535B781A56 (Trojan.Cridex) -> Data: "C:\Documents and Settings\All Users\Application Data\705A535B781A56\705A535B781A56.exe" -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Documents and Settings\All Users\Application Data\705A535B781A56\705A535B781A56.exe (Trojan.Cridex) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brandon McGahee\Local Settings\temp\e3s.exe (Trojan.Cridex) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brandon McGahee\Application Data\twain.dll (Trojan.MSIL) -> Quarantined and deleted successfully.

    (end)




    Second Malwarebytes log from 8/9/2012:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.08.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.11
    Brandon McGahee :: BRANDON [administrator]

    8/8/2012 10:41:24 PM
    mbam-log-2012-08-08 (22-41-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236358
    Time elapsed: 25 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER Log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-09 19:02:14
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721010G9SA00 rev.MCZOC10H
    Running: oqi3eree.exe; Driver: C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp\pxldqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9ED05E6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9ED0612]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9ED05BC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9ED0594]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9ED05A8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9ED05FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9ED063E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!NtSetSecurityObject 805C0636 5 Bytes JMP B9ED0642 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805CB456 5 Bytes JMP B9ED0598 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB6E2 5 Bytes JMP B9ED05AC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 806239F8 7 Bytes JMP B9ED0600 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80624472 7 Bytes JMP B9ED05EA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80624642 7 Bytes JMP B9ED0616 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 806253B4 5 Bytes JMP B9ED05C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\program files\real\realplayer\update\realsched.exe[128] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1640] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040A4D0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A530] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011E2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011E2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011E2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011E2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01B92F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01B92C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01B92CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01B92CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\WINDOWS\Explorer.EXE[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C32CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 PE file @ sector 192410505

    ---- EOF - GMER 1.0.15 ----


    aswMBR log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-09 21:18:31
    -----------------------------
    21:18:31.416 OS Version: Windows 5.1.2600 Service Pack 3
    21:18:31.416 Number of processors: 2 586 0xE08
    21:18:31.416 ComputerName: BRANDON UserName:
    21:18:37.666 Initialize success
    21:18:51.994 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    21:18:51.994 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 93958MB BusType: 3
    21:18:52.010 Disk 0 MBR read successfully
    21:18:52.010 Disk 0 MBR scan
    21:18:52.010 Disk 0 unknown MBR code
    21:18:52.010 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    21:18:52.025 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 68284 MB offset 96390
    21:18:52.041 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 22042 MB offset 139958280
    21:18:52.072 Disk 0 Partition 4 00 DB CP/M / CTOS MSWIN4.1 3569 MB offset 185100930
    21:18:52.103 Disk 0 scanning sectors +192410505
    21:18:52.182 Disk 0 PE file @ sector 192410505 !
    21:18:52.228 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:20:24.463 Service scanning
    21:21:31.807 Modules scanning
    21:22:04.635 Disk 0 trace - called modules:
    21:22:04.650 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    21:22:04.666 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ababab8]
    21:22:04.666 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000080[0x8abb7f18]
    21:22:04.666 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aba2940]
    21:22:04.682 Scan finished successfully
    21:38:47.728 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Brandon McGahee\Desktop\MBR.dat "
    21:38:47.744 The log file has been saved successfully to "C:\Documents and Settings\Brandon McGahee\Desktop\aswMBR.txt "


    DDS log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_31
    Run by Brandon McGahee at 21:53:50 on 2012-08-09
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1412 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\NetWaiting\NetWaiting.exe
    C:\Program Files\Logitech\Logitech Vid\vid.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Belkin\F5D8051v2\chkdev.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.msn.com/
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120627203058.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [ModemOnHold] c:\program files\netwaiting\NetWaiting.exe
    uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe "
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8051v2\Belkinwcui.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158294370062
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
    TCP: Interfaces\{1CB4701E-7992-43BE-B3E3-AA95F43D6B7F} : DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\brandon mcgahee\application data\mozilla\firefox\profiles\6akbzgc3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-2 64160]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-8 464304]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-19 89792]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1036104]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-19 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-19 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-19 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-19 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-19 161632]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-19 151880]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-19 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-8 180848]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-19 340920]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-19 83856]
    S2 avgascln;RushTopDevice;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S2 pavprsrv;HssTrayService;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S2 savrtpel;Db2remotecmd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
    S2 starwindservice;Msftpsvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S2 ZDCNDIS5;VIAPFD;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-8 59456]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-19 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-19 87656]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-8 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-8 40552]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 113120]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-2-27 30576]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
    .
    =============== Created Last 30 ================
    .
    2012-08-08 02:51:53 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-08-08 02:51:53 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    ==================== Find3M ====================
    .
    2012-08-09 23:27:09 4784 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-08-03 03:43:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-03 03:43:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll
    .
    ============= FINISH: 21:56:21.85 ===============
     
  2. 2012/08/09
    sambaker

    attach log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/15/2006 6:00:14 PM
    System Uptime: 8/9/2012 7:17:36 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0XD720
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1830/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 67 GiB total, 31.109 GiB free.
    D: is FIXED (NTFS) - 22 GiB total, 21.462 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP59: 5/27/2012 10:16:24 AM - System Checkpoint
    RP60: 5/28/2012 2:36:48 PM - System Checkpoint
    RP61: 5/29/2012 7:08:20 PM - System Checkpoint
    RP62: 5/30/2012 7:34:30 PM - System Checkpoint
    RP63: 5/31/2012 8:15:43 PM - System Checkpoint
    RP64: 6/2/2012 8:16:04 AM - System Checkpoint
    RP65: 6/3/2012 3:39:12 PM - System Checkpoint
    RP66: 6/4/2012 6:49:46 PM - System Checkpoint
    RP67: 6/4/2012 11:44:12 PM - Software Distribution Service 3.0
    RP68: 6/6/2012 2:41:56 AM - System Checkpoint
    RP69: 6/7/2012 7:09:32 AM - System Checkpoint
    RP70: 6/8/2012 3:13:37 PM - System Checkpoint
    RP71: 6/10/2012 12:21:29 PM - System Checkpoint
    RP72: 6/11/2012 6:55:26 PM - System Checkpoint
    RP73: 6/13/2012 2:24:40 AM - System Checkpoint
    RP74: 6/13/2012 3:00:19 AM - Software Distribution Service 3.0
    RP75: 6/14/2012 8:38:47 PM - System Checkpoint
    RP76: 6/15/2012 10:48:53 PM - System Checkpoint
    RP77: 6/17/2012 3:09:40 AM - System Checkpoint
    RP78: 6/19/2012 1:03:53 AM - System Checkpoint
    RP79: 6/20/2012 3:55:55 AM - System Checkpoint
    RP80: 6/21/2012 3:57:11 AM - System Checkpoint
    RP81: 6/22/2012 4:34:35 AM - System Checkpoint
    RP82: 6/23/2012 10:01:54 AM - System Checkpoint
    RP83: 6/24/2012 7:18:00 PM - System Checkpoint
    RP84: 6/25/2012 7:29:15 PM - System Checkpoint
    RP85: 6/26/2012 8:53:36 PM - System Checkpoint
    RP86: 6/27/2012 10:35:01 PM - System Checkpoint
    RP87: 6/29/2012 4:04:29 AM - System Checkpoint
    RP88: 6/30/2012 4:32:47 AM - System Checkpoint
    RP89: 7/1/2012 4:53:15 AM - System Checkpoint
    RP90: 7/2/2012 5:04:22 AM - System Checkpoint
    RP91: 7/3/2012 5:19:00 AM - System Checkpoint
    RP92: 7/4/2012 5:50:02 AM - System Checkpoint
    RP93: 7/5/2012 5:59:58 AM - System Checkpoint
    RP94: 7/6/2012 6:01:32 AM - System Checkpoint
    RP95: 7/7/2012 6:07:53 AM - System Checkpoint
    RP96: 7/8/2012 6:47:07 AM - System Checkpoint
    RP97: 7/9/2012 7:23:29 AM - System Checkpoint
    RP98: 7/10/2012 9:52:30 AM - System Checkpoint
    RP99: 7/10/2012 10:01:12 PM - Software Distribution Service 3.0
    RP100: 7/12/2012 10:01:53 AM - System Checkpoint
    RP101: 7/15/2012 4:17:33 AM - System Checkpoint
    RP102: 7/17/2012 2:59:53 AM - System Checkpoint
    RP103: 7/18/2012 3:01:44 AM - System Checkpoint
    RP104: 7/19/2012 3:17:34 AM - System Checkpoint
    RP105: 7/20/2012 3:22:21 AM - System Checkpoint
    RP106: 7/21/2012 9:59:06 AM - System Checkpoint
    RP107: 7/22/2012 11:45:35 AM - System Checkpoint
    RP108: 7/24/2012 7:46:45 AM - System Checkpoint
    RP109: 7/26/2012 2:08:50 AM - System Checkpoint
    RP110: 7/27/2012 10:49:46 AM - System Checkpoint
    RP111: 7/28/2012 5:38:42 PM - System Checkpoint
    RP112: 7/30/2012 1:15:44 AM - System Checkpoint
    RP113: 7/31/2012 1:38:03 AM - System Checkpoint
    RP114: 8/1/2012 7:59:56 AM - System Checkpoint
    RP115: 8/2/2012 8:22:56 AM - System Checkpoint
    RP116: 8/3/2012 8:28:53 AM - System Checkpoint
    RP117: 8/4/2012 4:08:24 PM - System Checkpoint
    RP118: 8/7/2012 8:16:33 AM - System Checkpoint
    RP119: 8/7/2012 10:50:27 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    7-Zip 4.57
    725plc32
    Ad-Aware
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    AOLIcon
    ATI Catalyst Control Center
    ATI Display Driver
    Belkin N1 Wireless USB Network Adapter Setup
    Broadcom Management Programs
    CCleaner (remove only)
    CleanUp!
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Corel Photo Album 6
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Color Printer 725
    Dell Digital Jukebox Driver
    Dell Game Console
    Dell Media Experience
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Content Portal
    Digital Line Detect
    Documentation & Support Launcher
    EarthLink setup files
    EducateU
    ELIcon
    ESET Online Scanner v3
    Games, Music, & Photos Launcher
    Get High Speed Internet!
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PROSet/Wireless Software
    Internet Explorer (Enable DEP)
    Internet Service Offers Launcher
    iS3 STOPzilla Toolbar
    Java(TM) 6 Update 31
    Junk Mail filter update
    K-Lite Codec Pack 3.9.5 (Full)
    Learn2 Player (Uninstall Only)
    Logitech Legacy USB Camera Driver Package
    Logitech Updater
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee SecurityCenter
    mCore
    MCU
    mDriver
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft LifeCam
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Live Add-in 1.5
    Microsoft Office Live Meeting 2007
    Microsoft Office Project MUI (English) 2010 (Beta)
    Microsoft Office Project Professional 2010 (Beta)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010 (Beta)
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010 (Beta)
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010 (Beta)
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010 (Beta)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Send-a-Smile
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010 (Beta)
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visio Professional 2007 Trial
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Project Professional 2010
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Software Update for Web Folders (English) 14 (Beta)
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    mIWA
    mLogView
    mMHouse
    Mobile Broadband Generic Drivers
    Modem Helper
    Mozilla Firefox 14.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    MSN
    mSSO
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 6.0 Parser
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    mWlsSafe
    mWMI
    mZConfig
    NetWaiting
    Network Recording Player
    NetZeroInstallers
    NTI Shadow
    Opera 11.61
    PowerDVD 5.7
    QuickSet
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Search Assist
    Secunia PSI (2.0.0.3003)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB2647516)
    Security Update for Windows Internet Explorer 7 (KB2675157)
    Security Update for Windows Internet Explorer 7 (KB2699988)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype Toolbars
    Skype™ 5.5
    Snagit 10
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    TestDrive Client
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VZAccess Manager
    WebEx
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinZip 14.5
    WordPerfect Office 12
    WOT for Internet Explorer
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/9/2012 7:29:35 PM, error: System Error [1003] - Error code 100000d1, parameter1 0000000c, parameter2 00000005, parameter3 00000001, parameter4 b9f395f7.
    8/9/2012 7:22:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    8/9/2012 7:22:52 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/9/2012 7:21:17 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/9/2012 12:55:37 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    8/9/2012 1:24:01 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Zpcollector service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Wuser32 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The WinHttpAutoProxySvc service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Wg3n service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Websensewfreportserver service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Vwkernel service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Vvoice service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Veteboot service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Vc5secs service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Uscbs108 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Usbsermpt service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Trcboot service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Tmesbs32 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Telnet service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Symsecureport service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Susbser service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Sus2pl service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Stylexpservice service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Ssidrv service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Sscdmdm service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The SrvcTPIOMngr service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Sp_clamsrv service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Snpstd2 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Snapman service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Se58obex service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The S217bus service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The S116mgmt service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The RushTopDevice service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Roxupnpserver service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Roxupnprenderer service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The RMSvc service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Rampartsvc service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Qhwscsvc service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Purgeieservice service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Pimsgss service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Phc600 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The PEVSystemStart service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Pdlnacom service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Pcradminserver service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The PAR1284 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Nvmd service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Netrcacm service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Msftpsvc service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Midisyn service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The M2500 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Lxda_device service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Lilsgt service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The L1e service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Inetaccs service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Imagedrv service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Iaimfp3 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The HssTrayService service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Houdinilicenseserver service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The HFACSVC service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Ftpds service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Freepops service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Euq_monitor service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Enum1394 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The E1000 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The DS1410D service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Dmisrv service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The DMICall service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Dlbx_device service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Digictrl service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Defrag32 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Dcsloader service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Db2remotecmd service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Coste service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Commserver service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Cis1284 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Cap7134 service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Caisafe service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The BrScnUsb service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The BLKWGU(Belkin) service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Bhmonitorservice service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The BCMWLNPF service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The AVerBDA service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Avcgbdr service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Atmuni service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The AsusACPI service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Askernel service terminated with the following error: The specified module could not be found.
    8/7/2012 9:23:03 PM, error: Service Control Manager [7023] - The Acnusvc service terminated with the following error: The specified module could not be found.
    8/7/2012 8:52:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcf_device with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
    8/7/2012 8:52:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcf_device service to connect.
    8/7/2012 8:52:21 PM, error: Service Control Manager [7000] - The dlcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Wmp54gsvc service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Vulfntrs service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The VIAPFD service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The V2imount service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Sfilter service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Se44mgmt service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Schscnt service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Rdpdd service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The PTDCVsp service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Protectionservice service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Netdevio service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The MTDVC2_ENUM service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Lirsgt service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Hibernation service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Googledesktopmanager service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Dm1service service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The CTMFLT service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The CTEDSPFX.DLL service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The Cdr4_xp service terminated with the following error: The specified module could not be found.
    8/7/2012 6:40:56 PM, error: Service Control Manager [7023] - The ATIVTUTW service terminated with the following error: The specified module could not be found.
    8/7/2012 10:56:18 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001302CE2871 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    8/7/2012 10:11:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk
    8/7/2012 10:11:26 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    8/7/2012 10:11:26 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 10:11:26 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 10:11:26 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 10:11:26 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 10:11:26 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 10:11:26 PM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/4/2012 11:45:55 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    8/2/2012 8:10:14 PM, error: DCOM [10015] - The machine wide limit settings do not grant Local Launch permission for the COM Server application with CLSID {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     


  4. 2012/08/09
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =========================================

    Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

    There are 2 different versions. If one of them won't run then download and try to run the other one.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done, Notepad will open with the rKill log.
    Post it in your next reply.

    NOTE: The rKill.txt log will also be present on your desktop.
     
  5. 2012/08/09
    sambaker

    sambaker Inactive Thread Starter

    23:31:04.0525 1208 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    23:31:05.0744 1208 ============================================================
    23:31:05.0744 1208 Current date / time: 2012/08/09 23:31:05.0744
    23:31:05.0744 1208 SystemInfo:
    23:31:05.0744 1208
    23:31:05.0744 1208 OS Version: 5.1.2600 ServicePack: 3.0
    23:31:05.0744 1208 Product type: Workstation
    23:31:05.0744 1208 ComputerName: BRANDON
    23:31:05.0744 1208 UserName: Brandon McGahee
    23:31:05.0744 1208 Windows directory: C:\WINDOWS
    23:31:05.0744 1208 System windows directory: C:\WINDOWS
    23:31:05.0744 1208 Processor architecture: Intel x86
    23:31:05.0744 1208 Number of processors: 2
    23:31:05.0744 1208 Page size: 0x1000
    23:31:05.0744 1208 Boot type: Normal boot
    23:31:05.0744 1208 ============================================================
    23:31:10.0166 1208 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    23:31:10.0166 1208 ============================================================
    23:31:10.0166 1208 \Device\Harddisk0\DR0:
    23:31:10.0182 1208 MBR partitions:
    23:31:10.0182 1208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x855E0C1
    23:31:10.0182 1208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8579808, BlocksNum 0x2B0D27A
    23:31:10.0182 1208 ============================================================
    23:31:10.0228 1208 C: <-> \Device\Harddisk0\DR0\Partition0
    23:31:10.0291 1208 D: <-> \Device\Harddisk0\DR0\Partition1
    23:31:10.0291 1208 ============================================================
    23:31:10.0291 1208 Initialize success
    23:31:10.0291 1208 ============================================================
    23:31:45.0400 5848 ============================================================
    23:31:45.0400 5848 Scan started
    23:31:45.0400 5848 Mode: Manual;
    23:31:45.0400 5848 ============================================================
    23:31:46.0275 5848 A4S2600 - ok
    23:31:46.0275 5848 aaksrv - ok
    23:31:46.0338 5848 Abiosdsk - ok
    23:31:46.0385 5848 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    23:31:46.0478 5848 abp480n5 - ok
    23:31:46.0603 5848 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:31:46.0697 5848 ACPI - ok
    23:31:46.0713 5848 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:31:46.0728 5848 ACPIEC - ok
    23:31:46.0728 5848 acrotray - ok
    23:31:46.0916 5848 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    23:31:46.0932 5848 AdobeFlashPlayerUpdateSvc - ok
    23:31:46.0994 5848 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    23:31:47.0119 5848 adpu160m - ok
    23:31:47.0213 5848 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    23:31:47.0291 5848 aec - ok
    23:31:47.0338 5848 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    23:31:47.0416 5848 AegisP - ok
    23:31:47.0510 5848 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    23:31:47.0666 5848 AFD - ok
    23:31:47.0713 5848 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    23:31:47.0744 5848 agp440 - ok
    23:31:47.0775 5848 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    23:31:47.0807 5848 agpCPQ - ok
    23:31:47.0838 5848 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    23:31:47.0916 5848 Aha154x - ok
    23:31:47.0963 5848 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    23:31:48.0057 5848 aic78u2 - ok
    23:31:48.0103 5848 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    23:31:48.0197 5848 aic78xx - ok
    23:31:48.0213 5848 aksusb - ok
    23:31:48.0244 5848 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    23:31:48.0260 5848 Alerter - ok
    23:31:48.0307 5848 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    23:31:48.0338 5848 ALG - ok
    23:31:48.0353 5848 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    23:31:48.0416 5848 AliIde - ok
    23:31:48.0447 5848 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    23:31:48.0478 5848 alim1541 - ok
    23:31:48.0510 5848 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    23:31:48.0541 5848 amdagp - ok
    23:31:48.0557 5848 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    23:31:48.0635 5848 amsint - ok
    23:31:48.0682 5848 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    23:31:48.0822 5848 APPDRV - ok
    23:31:48.0822 5848 AppMgmt - ok
    23:31:48.0869 5848 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    23:31:48.0900 5848 Arp1394 - ok
    23:31:48.0963 5848 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    23:31:49.0041 5848 asc - ok
    23:31:49.0057 5848 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    23:31:49.0150 5848 asc3350p - ok
    23:31:49.0166 5848 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    23:31:49.0244 5848 asc3550 - ok
    23:31:49.0385 5848 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    23:31:49.0478 5848 aspnet_state - ok
    23:31:49.0510 5848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:31:49.0525 5848 AsyncMac - ok
    23:31:49.0588 5848 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:31:49.0588 5848 atapi - ok
    23:31:49.0588 5848 Atdisk - ok
    23:31:49.0838 5848 Ati HotKey Poller (954c1d5b84d1cf925999a4c27e2ab34d) C:\WINDOWS\system32\Ati2evxx.exe
    23:31:49.0932 5848 Ati HotKey Poller - ok
    23:31:50.0775 5848 ati2mtag (bebeb471617782d138b6f92e7c3fab1c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    23:31:50.0791 5848 ati2mtag - ok
    23:31:51.0213 5848 ATIBTCAP - ok
    23:31:51.0353 5848 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:31:51.0400 5848 Atmarpc - ok
    23:31:51.0447 5848 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    23:31:51.0463 5848 AudioSrv - ok
    23:31:51.0478 5848 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:31:51.0494 5848 audstub - ok
    23:31:51.0494 5848 avgascln - ok
    23:31:51.0494 5848 AVRec - ok
    23:31:51.0510 5848 backupexecnotificationserver - ok
    23:31:51.0541 5848 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    23:31:51.0619 5848 bcm4sbxp - ok
    23:31:51.0650 5848 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    23:31:51.0650 5848 Beep - ok
    23:31:51.0650 5848 belgium_id_card_service - ok
    23:31:51.0885 5848 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    23:31:52.0072 5848 BITS - ok
    23:31:52.0072 5848 bocdrive - ok
    23:31:52.0119 5848 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    23:31:52.0166 5848 Browser - ok
    23:31:52.0166 5848 bt3cser - ok
    23:31:52.0369 5848 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys
    23:31:52.0603 5848 btaudio - ok
    23:31:52.0666 5848 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys
    23:31:52.0682 5848 BTDriver - ok
    23:31:53.0182 5848 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
    23:31:53.0713 5848 BTKRNL - ok
    23:31:53.0978 5848 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys
    23:31:54.0135 5848 BTSERIAL - ok
    23:31:58.0135 5848 btwdins (3a462eba453d84d036046772104cfbcb) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    23:31:58.0291 5848 btwdins - ok
    23:31:59.0588 5848 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
    23:31:59.0916 5848 BTWDNDIS - ok
    23:32:00.0682 5848 btwhid (c5c0e21c67089f053b964e0a8b8adbac) C:\WINDOWS\system32\DRIVERS\btwhid.sys
    23:32:00.0775 5848 btwhid - ok
    23:32:00.0822 5848 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
    23:32:00.0900 5848 btwmodem - ok
    23:32:00.0963 5848 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys
    23:32:01.0072 5848 BTWUSB - ok
    23:32:01.0072 5848 BUFADPT - ok
    23:32:01.0119 5848 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    23:32:01.0135 5848 cbidf - ok
    23:32:01.0135 5848 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:32:01.0135 5848 cbidf2k - ok
    23:32:01.0166 5848 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    23:32:01.0182 5848 CCDECODE - ok
    23:32:01.0182 5848 ccflic0 - ok
    23:32:01.0197 5848 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    23:32:01.0275 5848 cd20xrnt - ok
    23:32:01.0307 5848 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:32:01.0322 5848 Cdaudio - ok
    23:32:01.0369 5848 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    23:32:01.0400 5848 Cdfs - ok
    23:32:01.0463 5848 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:32:01.0494 5848 Cdrom - ok
    23:32:01.0494 5848 cfgwzsvc - ok
    23:32:01.0510 5848 cfsvcs - ok
    23:32:01.0557 5848 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
    23:32:01.0588 5848 cfwids - ok
    23:32:01.0588 5848 Changer - ok
    23:32:01.0603 5848 cidaemon - ok
    23:32:01.0635 5848 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    23:32:01.0635 5848 CiSvc - ok
    23:32:01.0666 5848 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    23:32:01.0697 5848 ClipSrv - ok
    23:32:01.0838 5848 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:32:01.0932 5848 clr_optimization_v2.0.50727_32 - ok
    23:32:01.0978 5848 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    23:32:01.0978 5848 CmBatt - ok
    23:32:02.0025 5848 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    23:32:02.0041 5848 CmdIde - ok
    23:32:02.0057 5848 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    23:32:02.0057 5848 Compbatt - ok
    23:32:02.0072 5848 COMSysApp - ok
    23:32:02.0103 5848 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    23:32:02.0119 5848 Cpqarray - ok
    23:32:02.0166 5848 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    23:32:02.0213 5848 CryptSvc - ok
    23:32:02.0213 5848 ctusfsyn - ok
    23:32:02.0213 5848 cwafreportscheduler - ok
    23:32:02.0228 5848 cxusb - ok
    23:32:02.0463 5848 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    23:32:02.0557 5848 dac2w2k - ok
    23:32:02.0588 5848 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    23:32:02.0666 5848 dac960nt - ok
    23:32:02.0900 5848 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    23:32:03.0103 5848 DcomLaunch - ok
    23:32:03.0103 5848 defragfs - ok
    23:32:03.0182 5848 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    23:32:03.0213 5848 Dhcp - ok
    23:32:03.0275 5848 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    23:32:03.0291 5848 Disk - ok
    23:32:03.0291 5848 dlcf_device - ok
    23:32:03.0307 5848 DM9102 - ok
    23:32:03.0307 5848 dmadmin - ok
    23:32:03.0760 5848 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    23:32:04.0228 5848 dmboot - ok
    23:32:04.0478 5848 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    23:32:04.0557 5848 dmio - ok
    23:32:04.0603 5848 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    23:32:04.0603 5848 dmload - ok
    23:32:04.0650 5848 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    23:32:04.0666 5848 dmserver - ok
    23:32:04.0728 5848 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    23:32:04.0760 5848 DMusic - ok
    23:32:04.0807 5848 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    23:32:04.0822 5848 Dnscache - ok
    23:32:05.0119 5848 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    23:32:05.0197 5848 Dot3svc - ok
    23:32:05.0197 5848 dot4usb - ok
    23:32:05.0244 5848 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    23:32:05.0260 5848 dpti2o - ok
    23:32:05.0291 5848 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    23:32:05.0291 5848 drmkaud - ok
    23:32:05.0369 5848 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
    23:32:05.0478 5848 drvmcdb - ok
    23:32:05.0510 5848 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
    23:32:05.0603 5848 drvnddm - ok
    23:32:05.0807 5848 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
    23:32:05.0932 5848 DSBrokerService - ok
    23:32:05.0963 5848 DSI_SiUSBXp_3_1 - ok
    23:32:06.0150 5848 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    23:32:06.0213 5848 DSproct - ok
    23:32:06.0244 5848 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
    23:32:06.0260 5848 dsunidrv - ok
    23:32:06.0260 5848 DSXUSB - ok
    23:32:06.0275 5848 dvd-ram_service - ok
    23:32:06.0353 5848 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    23:32:06.0478 5848 E100B - ok
    23:32:06.0541 5848 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    23:32:06.0557 5848 EapHost - ok
    23:32:06.0557 5848 eelogsvc - ok
    23:32:06.0572 5848 eelsservice - ok
    23:32:06.0572 5848 elagopro - ok
    23:32:06.0572 5848 elnkservice - ok
    23:32:06.0588 5848 elockservice - ok
    23:32:06.0588 5848 entertainment - ok
    23:32:06.0588 5848 epfw - ok
    23:32:06.0603 5848 epstnt01 - ok
    23:32:06.0635 5848 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    23:32:06.0650 5848 ERSvc - ok
    23:32:06.0744 5848 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    23:32:06.0744 5848 Eventlog - ok
    23:32:06.0978 5848 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    23:32:07.0228 5848 EventSystem - ok
    23:32:07.0744 5848 EvtEng (f10e7aa8bdf4488e3dfa989b8e7f7c9f) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    23:32:07.0822 5848 EvtEng - ok
    23:32:07.0822 5848 F700imd - ok
    23:32:08.0213 5848 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    23:32:08.0291 5848 Fastfat - ok
    23:32:08.0385 5848 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    23:32:08.0463 5848 FastUserSwitchingCompatibility - ok
    23:32:08.0635 5848 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
    23:32:08.0775 5848 Fax - ok
    23:32:08.0791 5848 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    23:32:08.0807 5848 Fdc - ok
    23:32:08.0853 5848 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    23:32:09.0057 5848 FilterService - ok
    23:32:09.0150 5848 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    23:32:09.0182 5848 Fips - ok
    23:32:09.0197 5848 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    23:32:09.0213 5848 Flpydisk - ok
    23:32:09.0307 5848 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    23:32:09.0369 5848 FltMgr - ok
    23:32:09.0494 5848 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    23:32:09.0525 5848 FontCache3.0.0.0 - ok
    23:32:09.0557 5848 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:32:09.0572 5848 Fs_Rec - ok
    23:32:09.0635 5848 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:32:09.0713 5848 Ftdisk - ok
    23:32:09.0713 5848 ftrtsvc - ok
    23:32:09.0713 5848 g400 - ok
    23:32:09.0744 5848 GearAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\drivers\GearAspiWDM.sys
    23:32:09.0807 5848 GearAspiWDM - ok
    23:32:09.0853 5848 GEARSecurity (b6e01969246fcb67470e87e6957ee147) C:\WINDOWS\System32\GEARSec.exe
    23:32:09.0932 5848 GEARSecurity - ok
    23:32:10.0166 5848 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:32:10.0182 5848 Gpc - ok
    23:32:10.0291 5848 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    23:32:10.0369 5848 HDAudBus - ok
    23:32:10.0447 5848 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    23:32:10.0463 5848 helpsvc - ok
    23:32:10.0478 5848 hidgame - ok
    23:32:10.0494 5848 HidServ - ok
    23:32:10.0557 5848 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    23:32:10.0588 5848 hkmsvc - ok
    23:32:10.0635 5848 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    23:32:10.0713 5848 hpn - ok
    23:32:10.0900 5848 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    23:32:11.0197 5848 HSFHWAZL - ok
    23:32:11.0791 5848 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    23:32:12.0588 5848 HSF_DPV - ok
    23:32:12.0760 5848 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    23:32:12.0775 5848 HTTP - ok
    23:32:12.0807 5848 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    23:32:12.0822 5848 HTTPFilter - ok
    23:32:12.0838 5848 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    23:32:12.0853 5848 i2omgmt - ok
    23:32:12.0869 5848 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    23:32:12.0885 5848 i2omp - ok
    23:32:13.0150 5848 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:32:13.0182 5848 i8042prt - ok
    23:32:13.0182 5848 ICM10USB - ok
    23:32:13.0791 5848 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    23:32:14.0510 5848 idsvc - ok
    23:32:14.0557 5848 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:32:14.0572 5848 Imapi - ok
    23:32:14.0682 5848 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    23:32:14.0760 5848 ImapiService - ok
    23:32:14.0807 5848 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    23:32:14.0869 5848 ini910u - ok
    23:32:14.0900 5848 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    23:32:14.0916 5848 IntelIde - ok
    23:32:14.0947 5848 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:32:14.0994 5848 intelppm - ok
    23:32:15.0197 5848 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    23:32:15.0213 5848 Ip6Fw - ok
    23:32:15.0275 5848 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:32:15.0291 5848 IpFilterDriver - ok
    23:32:15.0322 5848 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:32:15.0338 5848 IpInIp - ok
    23:32:15.0432 5848 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:32:15.0525 5848 IpNat - ok
    23:32:15.0572 5848 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:32:15.0619 5848 IPSec - ok
    23:32:15.0619 5848 ipsecmon - ok
    23:32:15.0635 5848 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    23:32:15.0650 5848 IRENUM - ok
    23:32:15.0682 5848 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:32:15.0697 5848 isapnp - ok
    23:32:16.0025 5848 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
    23:32:16.0103 5848 JavaQuickStarterService - ok
    23:32:16.0182 5848 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:32:16.0197 5848 Kbdclass - ok
    23:32:16.0228 5848 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    23:32:16.0244 5848 kbdhid - ok
    23:32:16.0385 5848 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    23:32:16.0400 5848 kmixer - ok
    23:32:16.0463 5848 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    23:32:16.0510 5848 KSecDD - ok
    23:32:16.0588 5848 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    23:32:16.0650 5848 lanmanserver - ok
    23:32:16.0744 5848 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    23:32:16.0822 5848 lanmanworkstation - ok
    23:32:17.0650 5848 Lavasoft Ad-Aware Service (193146149076b331c008c1c0af6fa5b9) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    23:32:17.0791 5848 Lavasoft Ad-Aware Service - ok
    23:32:17.0932 5848 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    23:32:17.0994 5848 Lbd - ok
    23:32:18.0025 5848 lbrtfdc - ok
    23:32:18.0197 5848 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    23:32:18.0213 5848 LmHosts - ok
    23:32:18.0322 5848 lvpopflt (6d994fa3d541b63eaccf4f2b3f42b2e1) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    23:32:18.0510 5848 lvpopflt - ok
    23:32:18.0557 5848 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
    23:32:18.0697 5848 LVPr2Mon - ok
    23:32:18.0885 5848 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    23:32:18.0947 5848 LVPrcSrv - ok
    23:32:19.0353 5848 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
    23:32:19.0635 5848 LVRS - ok
    23:32:19.0760 5848 lvselsus (6e59bc28a41f8a2b702d345a5604652f) C:\WINDOWS\system32\DRIVERS\lvselsus.sys
    23:32:19.0916 5848 lvselsus - ok
    23:32:20.0072 5848 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
    23:32:20.0197 5848 LVUSBSta - ok
    23:32:24.0963 5848 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    23:32:29.0541 5848 LVUVC - ok
    23:32:30.0025 5848 lxcf_device - ok
    23:32:30.0041 5848 MaRdPnp - ok
    23:32:30.0275 5848 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    23:32:30.0275 5848 McMPFSvc - ok
    23:32:30.0275 5848 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    23:32:30.0275 5848 mcmscsvc - ok
    23:32:30.0291 5848 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    23:32:30.0291 5848 McNaiAnn - ok
    23:32:30.0291 5848 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    23:32:30.0291 5848 McNASvc - ok
    23:32:30.0572 5848 McODS (135aa9e9e7047b7dc1f753205d421a26) C:\Program Files\McAfee\VirusScan\mcods.exe
    23:32:30.0853 5848 McODS - ok
    23:32:30.0853 5848 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    23:32:30.0853 5848 McProxy - ok
    23:32:32.0275 5848 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    23:32:32.0432 5848 McShield - ok
    23:32:33.0557 5848 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    23:32:33.0635 5848 MDM - ok
    23:32:34.0025 5848 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    23:32:34.0057 5848 mdmxsdk - ok
    23:32:34.0244 5848 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    23:32:34.0307 5848 Messenger - ok
    23:32:34.0807 5848 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\WINDOWS\system32\drivers\mfeapfk.sys
    23:32:34.0807 5848 mfeapfk - ok
    23:32:35.0650 5848 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\WINDOWS\system32\drivers\mfeavfk.sys
    23:32:35.0744 5848 mfeavfk - ok
    23:32:35.0744 5848 mfeavfk01 - ok
    23:32:35.0807 5848 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\WINDOWS\system32\drivers\mfebopk.sys
    23:32:35.0807 5848 mfebopk - ok
    23:32:35.0916 5848 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    23:32:35.0916 5848 mfefire - ok
    23:32:36.0119 5848 mfefirek (4ea6ff90015424517843e931448e00f1) C:\WINDOWS\system32\drivers\mfefirek.sys
    23:32:36.0400 5848 mfefirek - ok
    23:32:36.0666 5848 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\WINDOWS\system32\drivers\mfehidk.sys
    23:32:37.0057 5848 mfehidk - ok
    23:32:37.0103 5848 mfendisk (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    23:32:37.0228 5848 mfendisk - ok
    23:32:37.0228 5848 mfendiskmp (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    23:32:37.0228 5848 mfendiskmp - ok
    23:32:37.0291 5848 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\WINDOWS\system32\drivers\mferkdet.sys
    23:32:37.0416 5848 mferkdet - ok
    23:32:37.0478 5848 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
    23:32:37.0588 5848 mferkdk - ok
    23:32:37.0650 5848 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
    23:32:37.0744 5848 mfesmfk - ok
    23:32:37.0807 5848 mfetdi2k (070d3faf2eac417c59d8674a8752f7a6) C:\WINDOWS\system32\drivers\mfetdi2k.sys
    23:32:37.0932 5848 mfetdi2k - ok
    23:32:38.0119 5848 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    23:32:38.0197 5848 mfevtp - ok
    23:32:38.0213 5848 midisyn - ok
    23:32:38.0260 5848 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    23:32:38.0275 5848 mnmdd - ok
    23:32:38.0322 5848 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    23:32:38.0338 5848 mnmsrvc - ok
    23:32:38.0385 5848 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    23:32:38.0400 5848 Modem - ok
    23:32:38.0432 5848 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:32:38.0447 5848 Mouclass - ok
    23:32:38.0494 5848 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:32:38.0510 5848 mouhid - ok
    23:32:38.0541 5848 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    23:32:38.0572 5848 MountMgr - ok
    23:32:38.0682 5848 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    23:32:38.0807 5848 MozillaMaintenance - ok
    23:32:38.0853 5848 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    23:32:38.0932 5848 mraid35x - ok
    23:32:39.0228 5848 MRVW245 (be92f1eefdb3d9d231f3496b3cf007cc) C:\WINDOWS\system32\DRIVERS\MRVW245.sys
    23:32:39.0557 5848 MRVW245 - ok
    23:32:39.0682 5848 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:32:39.0775 5848 MRxDAV - ok
    23:32:40.0041 5848 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:32:40.0432 5848 MRxSmb - ok
    23:32:40.0588 5848 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    23:32:40.0666 5848 MSCamSvc - ok
    23:32:40.0697 5848 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    23:32:40.0713 5848 MSDTC - ok
    23:32:40.0744 5848 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    23:32:40.0760 5848 Msfs - ok
    23:32:40.0760 5848 msftesql - ok
    23:32:40.0807 5848 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
    23:32:40.0885 5848 MSHUSBVideo - ok
    23:32:40.0885 5848 MSIServer - ok
    23:32:41.0072 5848 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    23:32:41.0088 5848 MSK80Service - ok
    23:32:41.0119 5848 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:32:41.0119 5848 MSKSSRV - ok
    23:32:41.0135 5848 msmpsvc - ok
    23:32:41.0150 5848 MSMQTriggers - ok
    23:32:41.0166 5848 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:32:41.0182 5848 MSPCLOCK - ok
    23:32:41.0197 5848 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    23:32:41.0197 5848 MSPQM - ok
     
  6. 2012/08/09
    sambaker

    23:32:41.0228 5848 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:32:41.0244 5848 mssmbios - ok
    23:32:41.0260 5848 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    23:32:41.0275 5848 MSTEE - ok
    23:32:41.0400 5848 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    23:32:41.0525 5848 Mup - ok
    23:32:41.0588 5848 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    23:32:41.0635 5848 NABTSFEC - ok
    23:32:41.0838 5848 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    23:32:41.0994 5848 napagent - ok
    23:32:41.0994 5848 nchssvad - ok
    23:32:42.0103 5848 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    23:32:42.0213 5848 NDIS - ok
    23:32:42.0244 5848 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
    23:32:42.0322 5848 ndiscm - ok
    23:32:42.0385 5848 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    23:32:42.0400 5848 NdisIP - ok
    23:32:42.0447 5848 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:32:42.0525 5848 NdisTapi - ok
    23:32:42.0557 5848 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:32:42.0572 5848 Ndisuio - ok
    23:32:42.0635 5848 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:32:42.0682 5848 NdisWan - ok
    23:32:42.0713 5848 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    23:32:42.0807 5848 NDProxy - ok
    23:32:42.0853 5848 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
    23:32:42.0932 5848 Net Driver HPZ12 - ok
    23:32:42.0978 5848 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:32:42.0994 5848 NetBIOS - ok
    23:32:43.0103 5848 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:32:43.0182 5848 NetBT - ok
    23:32:43.0275 5848 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    23:32:43.0338 5848 NetDDE - ok
    23:32:43.0338 5848 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    23:32:43.0338 5848 NetDDEdsdm - ok
    23:32:43.0353 5848 NETGEAR_MA111 - ok
    23:32:43.0369 5848 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    23:32:43.0369 5848 Netlogon - ok
    23:32:43.0525 5848 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    23:32:43.0619 5848 Netman - ok
    23:32:43.0635 5848 netsvc - ok
    23:32:43.0791 5848 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    23:32:43.0869 5848 NetTcpPortSharing - ok
    23:32:44.0853 5848 NETw3x32 (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
    23:32:45.0791 5848 NETw3x32 - ok
    23:32:47.0619 5848 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
    23:32:49.0025 5848 NETw4x32 - ok
    23:32:49.0619 5848 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    23:32:49.0650 5848 NIC1394 - ok
    23:32:49.0932 5848 NICCONFIGSVC (11d8a00c7eff1aaec8e8464769c84a3d) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    23:32:50.0041 5848 NICCONFIGSVC - ok
    23:32:50.0197 5848 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    23:32:50.0197 5848 Nla - ok
    23:32:50.0197 5848 nlsvc - ok
    23:32:50.0228 5848 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    23:32:50.0260 5848 Npfs - ok
    23:32:50.0603 5848 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    23:32:50.0900 5848 Ntfs - ok
    23:32:50.0932 5848 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    23:32:50.0932 5848 NtLmSsp - ok
    23:32:51.0197 5848 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    23:32:51.0432 5848 NtmsSvc - ok
    23:32:51.0494 5848 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    23:32:51.0494 5848 Null - ok
    23:32:52.0572 5848 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    23:32:53.0541 5848 nv - ok
    23:32:53.0994 5848 nvidesm - ok
    23:32:54.0010 5848 nvmpu401 - ok
    23:32:54.0010 5848 nvnetbus - ok
    23:32:54.0041 5848 nvpvrmon - ok
    23:32:54.0041 5848 nvstor32 - ok
    23:32:54.0260 5848 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
    23:32:54.0447 5848 NWADI - ok
    23:32:54.0463 5848 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:32:54.0478 5848 NwlnkFlt - ok
    23:32:54.0510 5848 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:32:54.0525 5848 NwlnkFwd - ok
    23:32:54.0557 5848 NWUSBCDFIL (1fde5b2d61d97d803594df4b3bc28c4b) C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
    23:32:54.0635 5848 NWUSBCDFIL - ok
    23:32:54.0760 5848 NWUSBModem (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
    23:32:54.0916 5848 NWUSBModem - ok
    23:32:55.0025 5848 NWUSBPort (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
    23:32:55.0275 5848 NWUSBPort - ok
    23:32:55.0432 5848 NWUSBPort2 (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
    23:32:55.0588 5848 NWUSBPort2 - ok
    23:32:55.0978 5848 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    23:32:56.0275 5848 odserv - ok
    23:32:56.0338 5848 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    23:32:56.0385 5848 ohci1394 - ok
    23:32:56.0416 5848 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
    23:32:56.0525 5848 omci - ok
    23:32:56.0525 5848 omniserv - ok
    23:32:56.0525 5848 oracleformsserver-forms60server-oraform - ok
    23:32:56.0541 5848 oracleorahome811cman - ok
    23:32:56.0650 5848 ose (067db5b067722997fcafe1858163d411) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:32:56.0807 5848 ose - ok
    23:32:59.0463 5848 osppsvc (928c8060a555f0622cc4cac672b08573) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    23:33:02.0010 5848 osppsvc - ok
    23:33:02.0713 5848 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    23:33:02.0760 5848 Parport - ok
    23:33:02.0791 5848 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    23:33:02.0791 5848 PartMgr - ok
    23:33:02.0822 5848 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    23:33:02.0838 5848 ParVdm - ok
    23:33:02.0838 5848 pavprsrv - ok
    23:33:02.0900 5848 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    23:33:02.0947 5848 PCI - ok
    23:33:02.0947 5848 PCIDump - ok
    23:33:02.0963 5848 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    23:33:02.0978 5848 PCIIde - ok
    23:33:03.0057 5848 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    23:33:03.0119 5848 Pcmcia - ok
    23:33:03.0135 5848 pcnet - ok
    23:33:03.0135 5848 PDCOMP - ok
    23:33:03.0135 5848 PDFRAME - ok
    23:33:03.0150 5848 pdlnatcm - ok
    23:33:03.0150 5848 pdlnslea - ok
    23:33:03.0150 5848 PDRELI - ok
    23:33:03.0166 5848 PDRFRAME - ok
    23:33:03.0197 5848 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    23:33:03.0291 5848 perc2 - ok
    23:33:03.0322 5848 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    23:33:03.0322 5848 perc2hib - ok
    23:33:03.0338 5848 PhilCam8116_XP - ok
    23:33:03.0432 5848 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    23:33:03.0447 5848 PlugPlay - ok
    23:33:03.0447 5848 pmj151la - ok
    23:33:03.0510 5848 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
    23:33:03.0603 5848 Pml Driver HPZ12 - ok
    23:33:03.0635 5848 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    23:33:03.0635 5848 PolicyAgent - ok
    23:33:03.0635 5848 pptchpad - ok
    23:33:03.0697 5848 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:33:03.0728 5848 PptpMiniport - ok
    23:33:03.0728 5848 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    23:33:03.0728 5848 ProtectedStorage - ok
    23:33:03.0775 5848 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    23:33:03.0822 5848 PSched - ok
    23:33:37.0525 5848 ============================================================
    23:33:37.0525 5848 Scan finished
    23:33:37.0525 5848 ============================================================
    23:33:37.0525 5432 Detected object count: 0
    23:33:37.0525 5432 Actual detected object count: 0
     
  7. 2012/08/09
    sambaker

    sambaker Inactive Thread Starter

    Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/09/2012 11:40:04 PM in x86 mode.
    Windows Version: Windows XP

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\.com "@" has been changed to ComFile!
    * HKLM\Software\Classes\.com "@" was reset to comfile!


    Performing miscellaneous checks.

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/09/2012 11:40:43 PM
    Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)
     
  8. 2012/08/09
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2012/08/10
    sambaker

    sambaker Inactive Thread Starter

    ComboFix 12-08-09.01 - Brandon McGahee 08/10/2012 0:18.10.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1179 [GMT -4:00]
    Running from: c:\documents and settings\Brandon McGahee\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Brandon McGahee\WINDOWS
    c:\documents and settings\Brandon McGahee\WINDOWS\inifile.upd
    c:\documents and settings\Brandon McGahee\WINDOWS\win.ini
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-08 02:51 . 2012-08-08 02:51 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-10 04:18 . 2012-04-02 19:17 4784 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-08-03 03:43 . 2012-04-02 19:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-03 03:43 . 2011-05-14 16:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-13 13:19 . 2004-08-10 17:51 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-08-26 11:32 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2004-08-10 17:51 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2004-08-10 17:51 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19 . 2007-05-24 01:59 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-05-24 01:59 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2004-08-10 18:02 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2004-08-10 18:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2004-08-10 18:02 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2007-05-24 01:59 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2004-08-10 18:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2004-08-10 18:02 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2004-08-10 17:50 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2007-05-24 01:59 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2004-08-10 18:02 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2004-08-10 18:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2007-05-25 01:47 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2006-09-15 16:09 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18 . 2005-05-26 08:19 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-15 15:39 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-06-21 06:37 . 2011-06-21 06:37 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    2012-07-20 01:12 . 2012-05-01 02:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 18:01 . 2010-08-19 21:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2003-09-10 20480]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-08 669936]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-09-24 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-31 296056]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-08 669936]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-5-16 1581056]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-10 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\utorrent\\utorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/2/2009 3:16 PM 64160]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/19/2010 5:21 PM 89792]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1036104]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 5:21 PM 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 5:21 PM 214904]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/19/2010 5:22 PM 161632]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/19/2010 5:21 PM 151880]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/19/2010 5:21 PM 57600]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/19/2010 5:21 PM 340920]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/19/2010 5:21 PM 83856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 3:51 PM 250056]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/19/2010 5:21 PM 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/19/2010 5:21 PM 87656]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/30/2012 10:25 PM 113120]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/27/2010 4:22 PM 30576]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 5:28 AM 4639136]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    pdlnatcm
    {834170a7-af3b-4d34-a757-e05eb29ee96d}
    ngdbserv
    L8042Kbd
    elockservice
    avgascln
    webfilter
    tdrpman
    upsentry_smart
    AVRec
    savrtpel
    se2Dnd5
    cfsvcs
    bt3cser
    nvmpu401
    acrotray
    cxusb
    epfw
    aksusb
    oracleformsserver-forms60server-oraform
    omniserv
    hidgame
    s125obex
    ICM10USB
    elagopro
    SQLAgent$ABBEYIIOFFLINE
    sfhlp02
    nchssvad
    aaksrv
    tcpip6
    backupexecnotificationserver
    sfhlp01
    DSXUSB
    vwlogger
    tdcmdpst
    UMAXPCLS
    pavprsrv
    F700imd
    DM9102
    msftesql
    regmanserv
    dot4usb
    MSMQTriggers
    pcnet
    ftrtsvc
    NETGEAR_MA111
    us30sys
    w300mdfl
    pdlnslea
    BUFADPT
    nvstor32
    cwafreportscheduler
    mcpromgr
    wmp54gssvc
    nvidesm
    nlsvc
    eelsservice
    rkhdrv31
    ATIVXSTW
    eelogsvc
    wusb54gv2svc
    tosrfcom
    netsvc
    oracleorahome811cman
    ATIBTCAP
    thkeys
    pptchpad
    tunnelguardservice
    defragfs
    SWUMX20
    MaRdPnp
    A4S2600
    msmpsvc
    roxmediadb
    ccflic0
    {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}
    rtport
    cidaemon
    midisyn
    razerusb
    SE2Dmgmt
    ZDCNDIS5
    ctusfsyn
    winachsx
    nvnetbus
    w200mdfl
    lxcf_device
    RESMGR
    elnkservice
    tos_sps32
    vmware
    ipsecmon
    uisp
    nvpvrmon
    pmj151la
    starwindservice
    epstnt01
    DSI_SiUSBXp_3_1
    procmon10
    dvd-ram_service
    thinkpadmodemservice
    STV680m
    bocdrive
    VirtualCam
    entertainment
    belgium_id_card_service
    USBAAPL
    g400
    cfgwzsvc
    TMHIDSRV
    qmofiltr
    rimusb
    usbvm321
    ser2plms
    Intels51
    Rasman
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    wscsvc
    xmlprov
    BITS
    wuauserv
    ShellHWDetection
    helpsvc
    WmdmPmSN
    napagent
    hkmsvc
    .
    Rebuilding ... You need to reboot your machine for this to take effect.
    .
    uploadmgr
    TermService
    ip6fwhlp
    mhn
    sacsvr
    trksvr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:16]
    .
    2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 03:43]
    .
    2012-03-27 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    2012-08-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1915563299-3972609359-212629399-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]
    .
    2012-08-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1915563299-3972609359-212629399-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.msn.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.type - 4
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-10 00:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
    "Q"=hex:51
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
    "Q"=hex:51
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÃE¼]
    "Q"=hex:51
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1612)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2012-08-10 00:54:09
    ComboFix-quarantined-files.txt 2012-08-10 04:54
    .
    Pre-Run: 33,635,061,760 bytes free
    Post-Run: 34,364,796,928 bytes free
    .
    - - End Of File - - B0AA6DBD8BEBC865168EEF76AF7BB080
     
  10. 2012/08/10
    broni

    broni Moderator Malware Analyst

    Looks good.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2012/08/10
    sambaker

    sambaker Inactive Thread Starter

    I have not experienced any blue screen crashes since running TDSSKiller. Performance is a little bit better now, but is still sluggish and slow at times.

    Here are the OTL logs.

    OTL logfile created on: 8/10/2012 10:30:05 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Brandon McGahee\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 38.85% Memory free
    3.85 Gb Paging File | 2.68 Gb Available in Paging File | 69.56% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 66.68 Gb Total Space | 32.06 Gb Free Space | 48.08% Space Free | Partition Type: NTFS
    Drive D: | 21.53 Gb Total Space | 21.46 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

    Computer Name: BRANDON | User Name: Brandon McGahee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/10 22:26:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/12/31 01:41:41 | 000,499,312 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\realplayer\realplay.exe
    PRC - [2011/12/31 01:41:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
    PRC - [2011/06/08 15:16:12 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2009/07/16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
    PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/08 14:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    PRC - [2007/10/08 14:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2007/01/19 17:17:42 | 001,581,056 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
    PRC - [2006/09/21 19:04:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\ChkDev.exe
    PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
    PRC - [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/09 22:02:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    MOD - [2012/05/09 22:00:38 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/09 22:00:24 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2011/06/08 15:16:18 | 001,640,216 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
    MOD - [2011/06/08 15:16:17 | 000,256,424 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
    MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2009/07/16 16:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
    MOD - [2009/07/16 16:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
    MOD - [2009/07/16 16:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
    MOD - [2009/07/16 16:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll
    MOD - [2009/07/16 16:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll
    MOD - [2009/07/16 16:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
    MOD - [2009/07/16 16:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll
    MOD - [2009/07/16 16:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
    MOD - [2009/07/16 16:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
    MOD - [2009/07/16 16:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
    MOD - [2009/07/16 16:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
    MOD - [2009/07/16 16:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll
    MOD - [2009/07/03 10:49:08 | 000,168,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2007/10/08 14:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
    MOD - [2007/05/17 14:42:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
    MOD - [2006/11/28 10:41:50 | 000,176,128 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\BelkinwcuiDLL.dll
    MOD - [2006/09/21 19:04:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\ChkDev.exe
    MOD - [2006/04/21 14:34:10 | 000,217,088 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\NWTools.dll
    MOD - [2004/04/11 20:57:44 | 000,040,960 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DirWatcher.dll
    MOD - [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snare.dll -- (ZDCNDIS5)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\awecho.dll -- (wusb54gv2svc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\buslogic.dll -- (wmp54gssvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxliveshare9.dll -- (winachsx)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mskssrv.dll -- (webfilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snareiis.dll -- (w300mdfl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vncmirror.dll -- (w200mdfl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlsetupsvc.dll -- (vwlogger)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rsvp.dll -- (vmware)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\U81xbus.dll -- (VirtualCam)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s117mdfl.dll -- (USBAAPL)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ohci1394.dll -- (us30sys)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mrxsmb.dll -- (upsentry_smart)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GBFSHook.dll -- (UMAXPCLS)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Nsynas32.dll -- (uisp)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsmservice.dll -- (tunnelguardservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imapiservice.dll -- (tosrfcom)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wpdusb.dll -- (tos_sps32)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pmsveh.dll -- (TMHIDSRV)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TIEHDUSB.dll -- (thkeys)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acedrv07.dll -- (tdrpman)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsRamDsk.dll -- (tdcmdpst)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ARCSOFTVIRTUALCAPTURE.dll -- (tcpip6)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmpnetworksvc.dll -- (SWUMX20)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AIRPLUS.dll -- (STV680m)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ose.dll -- (starwindservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctxhttp.dll -- (SQLAgent$ABBEYIIOFFLINE)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmindexingservice.dll -- (sfhlp02)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\yukonwxp.dll -- (sfhlp01)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prevxagent.dll -- (se2Dnd5)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\motoswitchservice.dll -- (SE2Dmgmt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PciBus.dll -- (savrtpel)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Ebus.dll -- (s125obex)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSTAPE.dll -- (rtport)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (roxmediadb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\icdsptsv.dll -- (rimusb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndasbus.dll -- (RESMGR)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wfxsvc.dll -- (regmanserv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsndrct.dll -- (razerusb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trayman.dll -- (qmofiltr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bcoreusb.dll -- (pptchpad)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enum1394.dll -- (pmj151la)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stirusb.dll -- (pdlnslea)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isapisearch.dll -- (pdlnatcm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eloggersvc6.dll -- (pcnet)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mdm.dll -- (pavprsrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sglogplayer.dll -- (oracleorahome811cman)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GBDevice.dll -- (oracleformsserver-forms60server-oraform)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\merakpop3.dll -- (omniserv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\defragfs.dll -- (nvstor32)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siskp.dll -- (nvpvrmon)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nm.dll -- (nvnetbus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qbposdbservices.dll -- (nvmpu401)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll -- (nvidesm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BUFADPT.dll -- (nlsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdengine.dll -- (netsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmnetadapter.dll -- (NETGEAR_MA111)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwlsvc.dll -- (nchssvad)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SerTVOutCtlr.dll -- (MSMQTriggers)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcEKIOMngr.dll -- (msmpsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinger.dll -- (msftesql)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntservice1.dll -- (midisyn)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mfeapfk.dll -- (MaRdPnp)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsssvc.dll -- (lxcf_device)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sbcssvc.dll -- (ipsecmon)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TeamViewer.dll -- (ICM10USB)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rpcsvr4x.dll -- (hidgame)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\crcdisk.dll -- (g400)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlapoolm.dll -- (ftrtsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\digirefresh.dll -- (F700imd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epfwndis.dll -- (epstnt01)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\edspport.dll -- (epfw)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PGPdisk.dll -- (entertainment)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mdc8021x.dll -- (elockservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ppped.dll -- (elnkservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stllssvr.dll -- (elagopro)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahomeagent.dll -- (eelsservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfbnp.dll -- (eelogsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WINUSB.dll -- (dvd-ram_service)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SiSRaid.dll -- (DSXUSB)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SABSVC.dll -- (DSI_SiUSBXp_3_1)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FlexBios.dll -- (dot4usb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viairda.dll -- (DM9102)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lkclassads.dll -- (defragfs)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlaifs_m.dll -- (cxusb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Defrag32b.dll -- (cwafreportscheduler)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sit_prt.dll -- (ctusfsyn)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RDID1027.dll -- (cidaemon)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ngdbserv.dll -- (cfsvcs)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ahcix86s.dll -- (cfgwzsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (ccflic0)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ar5211.dll -- (BUFADPT)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sony_ssm.sys.dll -- (bt3cser)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kodakccs.dll -- (bocdrive)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LMouFilt.dll -- (belgium_id_card_service)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UBHelper.dll -- (backupexecnotificationserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\idsvc.dll -- (AVRec)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\suservice.dll -- (avgascln)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (ATIBTCAP)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsmon.dll -- (aksusb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DgiVecp.dll -- (acrotray)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bmdfl.dll -- (aaksrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rt2500usb.dll -- (A4S2600)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZTEusbmdm6k.dll -- ({85ccb53b-23d8-4e73-b1b7-9ddb71827d9b})
    SRV - [2012/08/02 23:43:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/19 21:12:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/06/08 15:16:12 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
    SRV - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
    SRV - [2005/09/28 22:02:26 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcfcoms.exe -- (dlcf_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CamDrL20.sys -- (PhilCam8116_XP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/05/20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/07/03 10:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
    DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/07/26 11:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/07/26 11:24:48 | 000,095,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
    DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/11/08 07:14:00 | 000,498,816 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/06/22 18:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
    DRV - [2006/05/24 19:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/05/24 19:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
    DRV - [2006/05/24 19:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/05/24 19:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/05/24 19:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
    DRV - [2006/05/24 19:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/05/24 18:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2006/05/24 18:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/02/16 00:39:00 | 001,421,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/12/04 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
    DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/09/29 16:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
    DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 128.59.20.227:3124

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 128.59.20.227:3124

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]

    IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com/
    IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]
    IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\SearchScopes,DefaultScope = {8F1F6F3C-A7F8-48D4-A6A6-D16291A3082E}
    IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\SearchScopes\{8F1F6F3C-A7F8-48D4-A6A6-D16291A3082E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.http: "127.0.0.1 "
    FF - prefs.js..network.proxy.type: 4
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/31 01:42:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/10 22:29:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 21:12:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 19:39:19 | 000,000,000 | ---D | M]

    [2010/05/08 21:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Extensions
    [2012/07/10 20:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions
    [2010/05/08 22:21:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/08 22:22:19 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
    [2012/05/18 00:19:44 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/04/30 22:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/10 20:59:03 | 000,163,080 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\BRANDON MCGAHEE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6AKBZGC3.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
    [2012/04/04 23:50:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/07/19 21:12:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2011/06/21 02:37:38 | 000,289,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
    [2011/06/21 02:37:44 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
    [2012/04/04 23:50:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/06/07 21:05:07 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/06/07 21:05:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/07 21:05:07 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/06/07 21:05:07 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/06/07 21:05:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/06/07 21:05:07 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/08/10 00:47:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627203058.dll (McAfee, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
    O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe (Belkin)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158294370062 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB4701E-7992-43BE-B3E3-AA95F43D6B7F}: DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
  12. 2012/08/10
    sambaker

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/10 22:28:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    [2012/08/10 22:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2012/08/10 00:00:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/08/10 00:00:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/08/10 00:00:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/08/10 00:00:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/08/09 23:58:26 | 004,728,003 | R--- | C] (Swearware) -- C:\Documents and Settings\Brandon McGahee\Desktop\ComboFix.exe
    [2012/08/09 23:57:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/24 13:22:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brandon McGahee\Desktop\TDSSKiller.exe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/10 22:43:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/08/10 22:26:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\New Microsoft Office Visio Drawing.vsd
    [2012/08/10 22:26:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    [2012/08/10 22:14:11 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1915563299-3972609359-212629399-1006.job
    [2012/08/10 22:13:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/08/10 22:13:01 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/10 16:10:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/10 00:47:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/08/09 23:49:51 | 004,728,003 | R--- | M] (Swearware) -- C:\Documents and Settings\Brandon McGahee\Desktop\ComboFix.exe
    [2012/08/09 21:38:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\MBR.dat
    [2012/08/09 12:29:10 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/08/04 00:40:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1915563299-3972609359-212629399-1006.job
    [2012/07/30 15:16:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brandon McGahee\Desktop\TDSSKiller.exe
    [2012/07/21 01:21:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/10 22:26:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\New Microsoft Office Visio Drawing.vsd
    [2012/08/10 00:00:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/08/10 00:00:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/08/10 00:00:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/08/10 00:00:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/08/10 00:00:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/08/09 21:38:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\MBR.dat
    [2012/05/10 08:33:31 | 000,248,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/04/01 13:56:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/11 10:37:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/12/27 03:03:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\yhjmdmkm.tpl
    [2006/08/19 23:24:54 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/15 18:00:28 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\fusioncache.dat
    [2006/08/10 11:46:43 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

    ========== LOP Check ==========

    [2011/03/04 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aPjLaDj09000
    [2010/03/26 12:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2011/02/23 09:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bDeOjKc06511
    [2006/11/23 21:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
    [2011/03/04 20:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dBlGlCg15406
    [2010/01/27 16:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/06/06 22:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2009/09/04 02:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
    [2007/11/20 01:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/08/30 14:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2010/06/10 00:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/09/03 04:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    [2012/04/04 23:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\ElevatedDiagnostics
    [2008/08/31 17:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\ICAClient
    [2008/09/21 23:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Leadertech
    [2011/10/16 03:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Opera
    [2008/08/31 16:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Runaware
    [2010/05/28 16:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\webex
    [2010/04/07 01:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Windows Live Writer
    [2012/07/30 15:16:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2012/03/27 18:27:06 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    < End of report >
     
    Last edited: 2012/08/10
  13. 2012/08/10
    sambaker

    OTL Extras logfile created on: 8/10/2012 10:30:07 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Brandon McGahee\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 38.85% Memory free
    3.85 Gb Paging File | 2.68 Gb Available in Paging File | 69.56% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 66.68 Gb Total Space | 32.06 Gb Free Space | 48.08% Space Free | Partition Type: NTFS
    Drive D: | 21.53 Gb Total Space | 21.46 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

    Computer Name: BRANDON | User Name: Brandon McGahee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0D251F37-10CB-46DF-BFA0-4702218DB0B6}" = ATI Catalyst Control Center
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0E6B3568-2337-4429-9E14-0D9D8157D45A}" = Network Recording Player
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
    "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
    "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
    "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
    "{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
    "{20140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 (Beta)
    "{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
    "{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
    "{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    "{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
    "{37888B36-58B5-41C6-BE67-B846BB4809FF}" = iS3 STOPzilla Toolbar
    "{39A409D2-F7DF-4D52-B7F9-5E397A92B130}" = Belkin N1 Wireless USB Network Adapter Setup
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
    "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
    "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "ActiveTouchMeetingClient" = WebEx
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ATI Display Driver" = ATI Display Driver
    "CCleaner" = CCleaner (remove only)
    "CleanUp!" = CleanUp!
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "Dell Color Printer 725" = Dell Color Printer 725
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "ESET Online Scanner" = ESET Online Scanner v3
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Full)
    "legacyqcam_10.00" = Logitech Legacy USB Camera Driver Package
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
    "Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSC" = McAfee SecurityCenter
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "Opera 11.61.1250" = Opera 11.61
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RealPlayer 15.0" = RealPlayer
    "Secunia PSI" = Secunia PSI (2.0.0.3003)
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VISPROR" = Microsoft Office Visio Professional 2007 Trial
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Internet Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/9/2012 7:27:06 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 8/9/2012 7:27:09 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 8/10/2012 12:18:43 AM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 8/10/2012 12:18:46 AM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 8/10/2012 12:55:39 AM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 8/10/2012 12:55:42 AM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 8/10/2012 4:13:40 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 8/10/2012 4:13:54 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 8/10/2012 10:19:53 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 8/10/2012 10:19:57 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    [ System Events ]
    Error - 8/10/2012 10:15:32 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
    Description = The MTDVC2_ENUM service terminated with the following error: %%126

    Error - 8/10/2012 10:15:32 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
    Description = The Schscnt service terminated with the following error: %%126

    Error - 8/10/2012 10:15:32 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
    Description = The Googledesktopmanager service terminated with the following error:
    %%126

    Error - 8/10/2012 10:15:32 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
    Description = The PTDCVsp service terminated with the following error: %%126

    Error - 8/10/2012 10:15:32 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
    Description = The Cdr4_xp service terminated with the following error: %%126

    Error - 8/10/2012 10:15:32 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
    Description = The VIAPFD service terminated with the following error: %%126

    Error - 8/10/2012 10:15:32 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
    Description = The Dm1service service terminated with the following error: %%126

    Error - 8/10/2012 10:15:32 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
    Description = The Hibernation service terminated with the following error: %%126

    Error - 8/10/2012 10:15:32 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7023
    Description = The V2imount service terminated with the following error: %%126

    Error - 8/10/2012 10:17:22 PM | Computer Name = BRANDON | Source = DCOM | ID = 10010
    Description = The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register
    with DCOM within the required timeout.


    < End of report >
     
  14. 2012/08/10
    broni

    OTL logs are clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  15. 2012/08/10
    sambaker

    Results of screen317's Security Check version 0.99.43
    Windows XP Service Pack 3 x86
    Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    ESET Online Scanner v3
    McAfee SecurityCenter
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Out of date HijackThis installed!
    Spybot - Search & Destroy
    Windows Defender
    Windows Defender Signatures
    Secunia PSI (2.0.0.3003)
    Malwarebytes Anti-Malware version 1.60.1.1000
    HijackThis 2.0.2
    CCleaner (remove only)
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.3.300.270
    Adobe Reader X (10.1.3)
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 8%
    ````````````````````End of Log``````````````````````
     
  16. 2012/08/10
    sambaker

    Farbar Service Scanner Version: 06-08-2012
    Ran by Brandon McGahee (administrator) on 10-08-2012 at 23:59:08
    Running from "C:\Documents and Settings\Brandon McGahee\Desktop "
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(13) Gpc(6) IPSec(4) mfetdi2k(10) NetBT(5) PSched(7) Tcpip(3)
    0x0D000000040000000100000002000000030000000A00000005000000060000000700000008000000090000000B0000000C0000000D000000
    IpSec Tag value is correct.

    **** End of log ****
     
  17. 2012/08/11
    sambaker

    Here is the log of threats found by ESET:

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP118\A0019004.dll Win32/LockScreen.AMB trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP118\A0019025.dll Win32/LockScreen.AMB trojan cleaned by deleting - quarantined
     
  18. 2012/08/11
    broni

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
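
The restore-point reset in step 1 follows from where ESET found the trojan: both detections sit inside a System Restore snapshot. The script below is an added example, not part of the original post or any tool used in the thread; it sorts ESET detection lines into snapshot and live-filesystem hits, assuming the whitespace-separated line shape posted above (the third sample line and all function names are constructed).

```python
import re
from collections import defaultdict

# Line shape as posted in this thread: <path> <threat> <kind> <action>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+(?P<threat>\S+/\S+)\s+"
    r"(?P<kind>\w+)\s+(?P<action>.+)$"
)
# Windows XP System Restore snapshot path: _restore{GUID}\RP<n>\
SNAPSHOT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)

# First two lines are from the thread; the third is constructed for contrast.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP118\A0019004.dll Win32/LockScreen.AMB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP118\A0019025.dll Win32/LockScreen.AMB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Example\Local Settings\Temp\constructed-sample.dll Win32/LockScreen.AMB trojan cleaned by deleting - quarantined
"""


def parse_detection(line):
    """Return a dict for one detection line, or None if it is not one."""
    m = DETECTION.match(line.strip())
    if not m:
        return None
    hit = m.groupdict()
    snap = SNAPSHOT.search(hit["path"])
    hit["restore_point"] = int(snap.group("rp")) if snap else None
    return hit


def triage(log_text):
    """Group detections by restore point number; list live-filesystem paths."""
    report = {"restore_points": defaultdict(list), "live": []}
    for line in log_text.splitlines():
        hit = parse_detection(line)
        if hit is None:
            continue
        if hit["restore_point"] is not None:
            report["restore_points"][hit["restore_point"]].append(hit["threat"])
        else:
            report["live"].append(hit["path"])
    return report


def needs_restore_purge(report):
    # A hit inside any snapshot means snapshots were taken while infected.
    return bool(report["restore_points"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(dict(result["restore_points"]), result["live"], needs_restore_purge(result))
```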
     
  19. 2012/08/11
    sambaker

    Thank you for your help. The last OTL log from the cleanup is below.

    I am no longer experiencing system crashes and blue screens. However, I am still experiencing slow performance. Performance is better, but still not where it was before the initial problem. It is taking much longer to boot up than normal and shut down seems to take a little longer too. The biggest problem still remaining is the audio and video is choppy and full of static. I hear the static even during the Windows chimes that play when booting up and shutting down. It is not only with streaming video/audio online -- it is a problem with videos or audio played from the hard drive. This was never an issue before. And when it started happening, I attributed it to whatever had infected my laptop. But now that my laptop is clean, I don't have an explanation for the audio/video problems and the slower performance in general.

    Any other thoughts on what the issue may be?

    Thanks again for your help. My laptop is in much better shape than before it was cleaned, but I'm just trying to get back to the fully normal state before the infection, if possible.

    Here is the OTL log from the cleanup:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: Brandon McGahee
    ->Temp folder emptied: 149672 bytes
    ->Temporary Internet Files folder emptied: 1392264 bytes
    ->Java cache emptied: 599582 bytes
    ->FireFox cache emptied: 215292678 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 3533 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109335 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 208.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Brandon McGahee
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Brandon McGahee
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner

    Total Java Files Cleaned = 0.00 mb

    Error creating restore point.

    OTL by OldTimer - Version 3.2.56.0 log created on 08112012_133734

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\mcafee_8wxF87HpvSYooEV not found!

    PendingFileRenameOperations files...
    File C:\WINDOWS\temp\mcafee_8wxF87HpvSYooEV not found!

    Registry entries deleted on Reboot...
     
  20. 2012/08/11
    broni

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
    Possible overheating?
    But it's up to the other forum.

    Good luck and stay safe :)
     
  21. 2012/08/11
    sambaker

    OK, thanks.

    Actually, everything seems to be back to normal now with the performance. No longer slower on the boot up, shut down, or while in use. And the audio/video is normal again. I deleted a couple of registry settings and rebooted to reset them. I don't know if the registry edit fixed the problem or not, but all seems normal again now.

    Thanks again. You have been extremely helpful.
     
