computer freezes and shows 100% CPU usage


  • This topic is locked
48 replies to this topic

#1 bmjoy

bmjoy

  • Members
  • 25 posts

Posted 05 June 2012 - 04:02 PM

Dell Dimension 8400 with Windows XP SP3. 2 GB RAM. Recently replaced hard drive and reinstalled Windows. Computer freezes constantly after 15 - 30 minutes of use. Also have checked performance and it randomly spikes from 2-11% of usage to 100% usage when nothing has been done via the keyboard.

Have attempted to run virus software and also Malwarebytes and Super Anti Spyware. Have AVG free on the computer and it pops up blocked threats often.

I have seen many people post the logfile from Hijack This, so here is my file. Any help would be greatly appreciated.

Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:58:14 PM, on 6/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-21-1757981266-920026266-725345543-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-21-1757981266-920026266-725345543-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-1757981266-920026266-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1757981266-920026266-725345543-1004\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User '?')
O4 - S-1-5-21-1757981266-920026266-725345543-1004 Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1331043924187
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Si3114r (bcm43xx) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - G:\WINDOWS\System32\mnmsrvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - G:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: WLSVC - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe

--
End of file - 10693 bytes

Edited by hamluis, 05 June 2012 - 04:22 PM.
Moved from XP to Malware Removal Logs - Hamluis.




#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 09 June 2012 - 08:21 PM

Hi bmjoy,


Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

 

Please take note:

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below, I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


I also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 bmjoy

bmjoy
  • Topic Starter

  • Members
  • 25 posts

Posted 11 June 2012 - 05:42 PM

Jason,

Thank you in advance for your help.

I cannot get the DDS file to run. It flashes up a black command box but then disappears. I have turned off the firewall and temporarily disabled AVG anti-virus.

I have attached the GMER log as requested.

I have Malwarebytes and Super Anti Spyware, both the free editions, and have attempted to run those. I also another thread a couple weeks ago and tried to run Combofix before I read that I shouldn't do that without being told to do so. I do have that log if it would be helpful.

Thanks again,

Brent

Attached Files

  • Attached File  ark.txt   10.55KB   2 downloads


#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 11 June 2012 - 05:50 PM

bmjoy,

Yes, please post the Combofix log. It should be located at C:\Combofix.txt



Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Regards,
Jason

 



#5 bmjoy

bmjoy
  • Topic Starter

  • Members
  • 25 posts

Posted 11 June 2012 - 07:35 PM

Jason,

I've attached the Combofix log from a couple weeks ago, and the TDSS log is pasted below. Thank you.

20:27:41.0640 2936 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:27:42.0000 2936 ============================================================
20:27:42.0000 2936 Current date / time: 2012/06/11 20:27:42.0000
20:27:42.0000 2936 SystemInfo:
20:27:42.0000 2936
20:27:42.0000 2936 OS Version: 5.1.2600 ServicePack: 3.0
20:27:42.0000 2936 Product type: Workstation
20:27:42.0000 2936 ComputerName: KITCHEN
20:27:42.0000 2936 UserName: Brent & Sharon
20:27:42.0000 2936 Windows directory: C:\WINDOWS
20:27:42.0000 2936 System windows directory: C:\WINDOWS
20:27:42.0000 2936 Processor architecture: Intel x86
20:27:42.0000 2936 Number of processors: 1
20:27:42.0000 2936 Page size: 0x1000
20:27:42.0000 2936 Boot type: Normal boot
20:27:42.0000 2936 ============================================================
20:27:44.0656 2936 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:27:44.0671 2936 Drive \Device\Harddisk1\DR2 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:27:44.0671 2936 Drive \Device\Harddisk2\DR3 - Size: 0xF940000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:27:44.0671 2936 ============================================================
20:27:44.0671 2936 \Device\Harddisk0\DR0:
20:27:44.0671 2936 MBR partitions:
20:27:44.0671 2936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
20:27:44.0671 2936 \Device\Harddisk2\DR3:
20:27:44.0671 2936 MBR partitions:
20:27:44.0671 2936 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7C9E0
20:27:44.0671 2936 ============================================================
20:27:44.0703 2936 C: <-> \Device\Harddisk0\DR0\Partition0
20:27:44.0703 2936 ============================================================
20:27:44.0703 2936 Initialize success
20:27:44.0703 2936 ============================================================
20:27:54.0531 1556 ============================================================
20:27:54.0531 1556 Scan started
20:27:54.0531 1556 Mode: Manual; SigCheck; TDLFS;
20:27:54.0531 1556 ============================================================
20:27:55.0609 1556 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:27:55.0734 1556 !SASCORE - ok
20:27:56.0484 1556 2wirepcp - ok
20:27:56.0578 1556 Abiosdsk - ok
20:27:56.0593 1556 abp480n5 - ok
20:27:56.0937 1556 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:27:57.0343 1556 ACPI - ok
20:27:57.0421 1556 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:27:57.0562 1556 ACPIEC - ok
20:27:57.0859 1556 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:27:58.0031 1556 AdobeFlashPlayerUpdateSvc - ok
20:27:58.0031 1556 adpu160m - ok
20:27:58.0328 1556 AdvancedSystemCareService5 (96d6cdd0b32846e8cfbe592f4f32e608) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
20:27:58.0484 1556 AdvancedSystemCareService5 - ok
20:27:58.0578 1556 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
20:27:58.0640 1556 aeaudio - ok
20:27:58.0781 1556 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:27:58.0984 1556 aec - ok
20:27:59.0062 1556 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:27:59.0109 1556 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:27:59.0109 1556 AegisP - detected UnsignedFile.Multi.Generic (1)
20:27:59.0250 1556 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:27:59.0390 1556 AFD - ok
20:27:59.0406 1556 Aha154x - ok
20:27:59.0406 1556 aic78u2 - ok
20:27:59.0421 1556 aic78xx - ok
20:27:59.0468 1556 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:27:59.0625 1556 Alerter - ok
20:27:59.0734 1556 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:27:59.0796 1556 ALG - ok
20:27:59.0812 1556 AliIde - ok
20:27:59.0812 1556 amsint - ok
20:27:59.0984 1556 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:28:00.0000 1556 Apple Mobile Device - ok
20:28:00.0015 1556 AppMgmt - ok
20:28:00.0015 1556 AppnBase - ok
20:28:00.0156 1556 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:28:00.0312 1556 Arp1394 - ok
20:28:00.0328 1556 asc - ok
20:28:00.0328 1556 asc3350p - ok
20:28:00.0343 1556 asc3550 - ok
20:28:00.0578 1556 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:28:00.0671 1556 aspnet_state - ok
20:28:00.0671 1556 asuskeyboardservice - ok
20:28:00.0734 1556 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:28:00.0906 1556 AsyncMac - ok
20:28:01.0031 1556 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:28:01.0218 1556 atapi - ok
20:28:01.0234 1556 Atdisk - ok
20:28:01.0234 1556 Ati HotKey Poller - ok
20:28:01.0765 1556 ATI Smart (9c8f6be465b7a0455266a26723aac736) C:\WINDOWS\system32\ati2sgag.exe
20:28:01.0796 1556 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
20:28:01.0796 1556 ATI Smart - detected UnsignedFile.Multi.Generic (1)
20:28:02.0406 1556 ati2mtag (c82240ce60a9326e52282f62ba923f27) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:28:02.0484 1556 ati2mtag - ok
20:28:02.0671 1556 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:28:02.0843 1556 Atmarpc - ok
20:28:02.0937 1556 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:28:03.0109 1556 AudioSrv - ok
20:28:03.0156 1556 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:28:03.0328 1556 audstub - ok
20:28:07.0656 1556 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
20:28:10.0031 1556 AVGIDSAgent - ok
20:28:11.0046 1556 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
20:28:11.0093 1556 AVGIDSDriver - ok
20:28:11.0187 1556 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
20:28:11.0203 1556 AVGIDSFilter - ok
20:28:11.0296 1556 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
20:28:11.0312 1556 AVGIDSHX - ok
20:28:11.0406 1556 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
20:28:11.0421 1556 AVGIDSShim - ok
20:28:11.0625 1556 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:28:11.0640 1556 Avgldx86 - ok
20:28:11.0734 1556 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:28:11.0734 1556 Avgmfx86 - ok
20:28:11.0812 1556 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:28:11.0828 1556 Avgrkx86 - ok
20:28:12.0125 1556 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:28:12.0140 1556 Avgtdix - ok
20:28:12.0437 1556 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
20:28:12.0453 1556 avgwd - ok
20:28:12.0468 1556 avupdsvc - ok
20:28:12.0593 1556 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:28:12.0703 1556 b57w2k - ok
20:28:12.0750 1556 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:28:12.0953 1556 Beep - ok
20:28:13.0406 1556 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:28:13.0671 1556 BITS - ok
20:28:13.0687 1556 blueletscoaudio - ok
20:28:14.0125 1556 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:28:14.0140 1556 Bonjour Service - ok
20:28:14.0296 1556 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:28:14.0515 1556 Browser - ok
20:28:14.0515 1556 caccprovsp - ok
20:28:14.0750 1556 catchme - ok
20:28:14.0828 1556 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:28:14.0984 1556 cbidf2k - ok
20:28:15.0000 1556 cd20xrnt - ok
20:28:15.0046 1556 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:28:15.0218 1556 Cdaudio - ok
20:28:15.0312 1556 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:28:15.0468 1556 Cdfs - ok
20:28:15.0578 1556 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:28:15.0765 1556 Cdrom - ok
20:28:15.0828 1556 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:28:15.0859 1556 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
20:28:15.0859 1556 cercsr6 - detected UnsignedFile.Multi.Generic (1)
20:28:15.0875 1556 Changer - ok
20:28:15.0921 1556 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:28:16.0078 1556 CiSvc - ok
20:28:16.0156 1556 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:28:16.0343 1556 ClipSrv - ok
20:28:16.0640 1556 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:28:16.0921 1556 clr_optimization_v2.0.50727_32 - ok
20:28:17.0203 1556 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:28:17.0328 1556 clr_optimization_v4.0.30319_32 - ok
20:28:17.0343 1556 cmdagent - ok
20:28:17.0343 1556 CmdIde - ok
20:28:17.0375 1556 COMMONFX.DLL - ok
20:28:17.0390 1556 compbatt - ok
20:28:17.0390 1556 COMSysApp - ok
20:28:17.0406 1556 Cpqarray - ok
20:28:17.0406 1556 crcdisk - ok
20:28:17.0562 1556 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:28:17.0734 1556 CryptSvc - ok
20:28:17.0750 1556 dac2w2k - ok
20:28:17.0765 1556 dac960nt - ok
20:28:17.0765 1556 dbmang - ok
20:28:18.0265 1556 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:28:18.0515 1556 DcomLaunch - ok
20:28:18.0703 1556 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:28:18.0890 1556 Dhcp - ok
20:28:18.0937 1556 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:28:19.0125 1556 Disk - ok
20:28:19.0125 1556 dlaudfam - ok
20:28:19.0140 1556 dmadmin - ok
20:28:19.0859 1556 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:28:20.0437 1556 dmboot - ok
20:28:20.0546 1556 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:28:20.0750 1556 dmio - ok
20:28:20.0796 1556 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:28:20.0953 1556 dmload - ok
20:28:21.0000 1556 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:28:21.0187 1556 dmserver - ok
20:28:21.0250 1556 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:28:21.0421 1556 DMusic - ok
20:28:21.0515 1556 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:28:21.0593 1556 Dnscache - ok
20:28:21.0843 1556 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:28:22.0031 1556 Dot3svc - ok
20:28:22.0046 1556 dpfusmgr - ok
20:28:22.0046 1556 dpti2o - ok
20:28:22.0078 1556 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:28:22.0265 1556 drmkaud - ok
20:28:22.0265 1556 dtsrvc - ok
20:28:22.0281 1556 dvd_2K - ok
20:28:22.0281 1556 DynDNS_Updater_Service - ok
20:28:22.0328 1556 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:28:22.0484 1556 EapHost - ok
20:28:22.0500 1556 EhttpSrv - ok
20:28:22.0515 1556 eliservice - ok
20:28:22.0515 1556 ELmou - ok
20:28:22.0578 1556 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:28:22.0750 1556 ERSvc - ok
20:28:22.0937 1556 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:28:23.0000 1556 Eventlog - ok
20:28:23.0328 1556 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:28:23.0468 1556 EventSystem - ok
20:28:23.0671 1556 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:28:23.0890 1556 Fastfat - ok
20:28:24.0078 1556 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:28:24.0203 1556 FastUserSwitchingCompatibility - ok
20:28:24.0218 1556 fcprintservice - ok
20:28:24.0265 1556 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:28:24.0437 1556 Fdc - ok
20:28:24.0453 1556 fetnd5bv - ok
20:28:24.0546 1556 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:28:24.0687 1556 Fips - ok
20:28:24.0750 1556 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:28:24.0921 1556 Flpydisk - ok
20:28:25.0156 1556 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:28:25.0390 1556 FltMgr - ok
20:28:25.0578 1556 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:28:25.0609 1556 FontCache3.0.0.0 - ok
20:28:25.0671 1556 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:28:25.0828 1556 Fs_Rec - ok
20:28:26.0062 1556 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:28:26.0265 1556 Ftdisk - ok
20:28:26.0328 1556 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:28:26.0343 1556 GEARAspiWDM - ok
20:28:26.0421 1556 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:28:26.0593 1556 Gpc - ok
20:28:26.0593 1556 GTF32BUS - ok
20:28:26.0812 1556 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:28:26.0843 1556 gupdate - ok
20:28:26.0843 1556 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:28:26.0859 1556 gupdatem - ok
20:28:27.0171 1556 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:28:27.0281 1556 gusvc - ok
20:28:27.0328 1556 helpsvc - ok
20:28:27.0406 1556 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:28:27.0593 1556 HidServ - ok
20:28:27.0640 1556 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:28:27.0812 1556 hidusb - ok
20:28:27.0890 1556 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:28:28.0140 1556 hkmsvc - ok
20:28:28.0140 1556 hmonitor - ok
20:28:28.0140 1556 hpn - ok
20:28:28.0265 1556 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:28:28.0390 1556 HPZid412 - ok
20:28:28.0453 1556 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:28:28.0546 1556 HPZipr12 - ok
20:28:28.0593 1556 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:28:28.0750 1556 HPZius12 - ok
20:28:28.0750 1556 HssSrv - ok
20:28:29.0031 1556 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:28:29.0171 1556 HTTP - ok
20:28:29.0218 1556 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:28:29.0390 1556 HTTPFilter - ok
20:28:29.0390 1556 i2omgmt - ok
20:28:29.0390 1556 i2omp - ok
20:28:30.0562 1556 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:28:30.0906 1556 idsvc - ok
20:28:31.0015 1556 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:28:31.0234 1556 Imapi - ok
20:28:31.0562 1556 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:28:31.0718 1556 ImapiService - ok
20:28:31.0734 1556 incdfs - ok
20:28:31.0734 1556 ini910u - ok
20:28:31.0750 1556 IntelC51 - ok
20:28:31.0750 1556 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:28:31.0937 1556 IntelIde - ok
20:28:31.0968 1556 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:28:32.0140 1556 intelppm - ok
20:28:32.0203 1556 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:28:32.0359 1556 Ip6Fw - ok
20:28:32.0421 1556 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:28:32.0593 1556 IpFilterDriver - ok
20:28:32.0609 1556 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:28:32.0750 1556 IpInIp - ok
20:28:33.0375 1556 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:28:33.0578 1556 IpNat - ok
20:28:34.0968 1556 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
20:28:35.0078 1556 iPod Service - ok
20:28:35.0171 1556 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:28:35.0359 1556 IPSec - ok
20:28:35.0390 1556 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:28:35.0484 1556 IRENUM - ok
20:28:35.0562 1556 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:28:35.0750 1556 isapnp - ok
20:28:35.0750 1556 iteatapi - ok
20:28:36.0015 1556 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
20:28:36.0031 1556 JavaQuickStarterService - ok
20:28:36.0109 1556 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:28:36.0265 1556 Kbdclass - ok
20:28:36.0312 1556 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:28:36.0453 1556 kbdhid - ok
20:28:36.0750 1556 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:28:36.0984 1556 kmixer - ok
20:28:37.0171 1556 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:28:37.0359 1556 KSecDD - ok
20:28:37.0359 1556 L8042mou - ok
20:28:37.0484 1556 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:28:37.0578 1556 lanmanserver - ok
20:28:37.0750 1556 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:28:37.0828 1556 lanmanworkstation - ok
20:28:37.0843 1556 lbrtfdc - ok
20:28:37.0843 1556 ldlcserv - ok
20:28:37.0906 1556 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:28:38.0062 1556 LmHosts - ok
20:28:38.0078 1556 LMS - ok
20:28:38.0078 1556 LUsbFilt - ok
20:28:38.0078 1556 LVBulk - ok
20:28:38.0078 1556 lvpr2mon - ok
20:28:38.0093 1556 lvusbsta - ok
20:28:38.0093 1556 lxdm_device - ok
20:28:38.0109 1556 lxrjd31d - ok
20:28:38.0171 1556 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:28:38.0343 1556 Messenger - ok
20:28:38.0390 1556 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:28:38.0578 1556 mnmdd - ok
20:28:38.0578 1556 mnmsrvc - ok
20:28:38.0609 1556 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:28:38.0765 1556 Modem - ok
20:28:38.0796 1556 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:28:38.0968 1556 Mouclass - ok
20:28:39.0000 1556 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:28:39.0156 1556 mouhid - ok
20:28:39.0250 1556 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:28:39.0437 1556 MountMgr - ok
20:28:39.0437 1556 mraid35x - ok
20:28:39.0453 1556 mrpostman - ok
20:28:39.0718 1556 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:28:39.0890 1556 MRxDAV - ok
20:28:40.0531 1556 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:28:40.0812 1556 MRxSmb - ok
20:28:40.0875 1556 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:28:41.0046 1556 MSDTC - ok
20:28:41.0140 1556 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:28:41.0328 1556 Msfs - ok
20:28:41.0328 1556 MSIServer - ok
20:28:41.0390 1556 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:28:41.0578 1556 MSKSSRV - ok
20:28:41.0578 1556 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:28:41.0750 1556 MSPCLOCK - ok
20:28:42.0062 1556 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:28:42.0234 1556 MSPQM - ok
20:28:42.0390 1556 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:28:42.0546 1556 mssmbios - ok
20:28:42.0546 1556 mssqlserver - ok
20:28:42.0703 1556 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:28:42.0812 1556 Mup - ok
20:28:43.0250 1556 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:28:43.0515 1556 napagent - ok
20:28:43.0781 1556 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:28:44.0000 1556 NDIS - ok
20:28:44.0078 1556 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:28:44.0203 1556 NdisTapi - ok
20:28:44.0265 1556 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:28:44.0640 1556 Ndisuio - ok
20:28:44.0781 1556 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:28:45.0078 1556 NdisWan - ok
20:28:45.0218 1556 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:28:45.0328 1556 NDProxy - ok
20:28:45.0343 1556 NEOFLTR_600_13319 - ok
20:28:45.0406 1556 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:28:45.0593 1556 NetBIOS - ok
20:28:45.0906 1556 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:28:46.0187 1556 NetBT - ok
20:28:46.0437 1556 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:28:46.0656 1556 NetDDE - ok
20:28:46.0656 1556 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:28:46.0812 1556 NetDDEdsdm - ok
20:28:46.0890 1556 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:47.0078 1556 Netlogon - ok
20:28:47.0359 1556 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:28:47.0609 1556 Netman - ok
20:28:47.0859 1556 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:28:47.0906 1556 NetTcpPortSharing - ok
20:28:47.0968 1556 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:28:48.0125 1556 NIC1394 - ok
20:28:48.0140 1556 NICM - ok
20:28:48.0359 1556 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:28:48.0406 1556 Nla - ok
20:28:48.0406 1556 nmraapache - ok
20:28:48.0468 1556 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:28:48.0640 1556 Npfs - ok
20:28:49.0390 1556 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:28:49.0796 1556 Ntfs - ok
20:28:49.0812 1556 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:49.0953 1556 NtLmSsp - ok
20:28:50.0187 1556 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:28:50.0421 1556 NtmsSvc - ok
20:28:50.0468 1556 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:28:50.0609 1556 Null - ok
20:28:50.0609 1556 nvstor32 - ok
20:28:50.0609 1556 nwdls - ok
20:28:50.0671 1556 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:28:50.0875 1556 NwlnkFlt - ok
20:28:50.0890 1556 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:28:51.0062 1556 NwlnkFwd - ok
20:28:51.0171 1556 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:28:51.0328 1556 ohci1394 - ok
20:28:51.0390 1556 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
20:28:51.0406 1556 OMCI ( UnsignedFile.Multi.Generic ) - warning
20:28:51.0406 1556 OMCI - detected UnsignedFile.Multi.Generic (1)
20:28:51.0562 1556 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:28:51.0796 1556 Parport - ok
20:28:51.0859 1556 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:28:51.0984 1556 PartMgr - ok
20:28:52.0046 1556 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:28:52.0203 1556 ParVdm - ok
20:28:52.0234 1556 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:28:52.0437 1556 PCI - ok
20:28:52.0453 1556 PCIDump - ok
20:28:52.0468 1556 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:28:52.0625 1556 PCIIde - ok
20:28:52.0750 1556 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:28:52.0984 1556 Pcmcia - ok
20:28:52.0984 1556 PDCOMP - ok
20:28:53.0000 1556 PDFRAME - ok
20:28:53.0000 1556 pdlncbas - ok
20:28:53.0015 1556 pdlndldl - ok
20:28:53.0015 1556 PDRELI - ok
20:28:53.0031 1556 PDRFRAME - ok
20:28:53.0046 1556 perc2 - ok
20:28:53.0046 1556 perc2hib - ok
20:28:53.0203 1556 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:28:53.0234 1556 PlugPlay - ok
20:28:53.0234 1556 Pml Driver HPZ12 - ok
20:28:53.0250 1556 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:53.0390 1556 PolicyAgent - ok
20:28:53.0500 1556 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:28:53.0671 1556 PptpMiniport - ok
20:28:53.0703 1556 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:28:53.0890 1556 Processor - ok
20:28:53.0906 1556 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:54.0046 1556 ProtectedStorage - ok
20:28:54.0125 1556 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:28:54.0296 1556 PSched - ok
20:28:54.0328 1556 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:28:54.0500 1556 Ptilink - ok
20:28:54.0500 1556 ql1080 - ok
20:28:54.0515 1556 Ql10wnt - ok
20:28:54.0515 1556 ql12160 - ok
20:28:54.0515 1556 ql1240 - ok
20:28:54.0531 1556 ql1280 - ok
20:28:54.0546 1556 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:28:54.0718 1556 RasAcd - ok
20:28:54.0812 1556 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:28:54.0968 1556 RasAuto - ok
20:28:55.0046 1556 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:28:55.0234 1556 Rasl2tp - ok
20:28:55.0468 1556 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:28:55.0703 1556 RasMan - ok
20:28:55.0750 1556 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:28:55.0921 1556 RasPppoe - ok
20:28:55.0984 1556 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:28:56.0140 1556 Raspti - ok
20:28:56.0281 1556 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:28:56.0500 1556 Rdbss - ok
20:28:56.0531 1556 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:28:56.0671 1556 RDPCDD - ok
20:28:56.0796 1556 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:28:56.0875 1556 RDPWD - ok
20:28:56.0890 1556 RDSessMgr - ok
20:28:56.0968 1556 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:28:57.0125 1556 redbook - ok
20:28:57.0187 1556 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:28:57.0375 1556 RemoteAccess - ok
20:28:57.0437 1556 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:28:57.0687 1556 RpcLocator - ok
20:28:58.0046 1556 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:28:58.0109 1556 RpcSs - ok
20:28:58.0187 1556 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:28:58.0375 1556 RSVP - ok
20:28:58.0375 1556 rt61 - ok
20:28:58.0453 1556 RTL8187B (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
20:28:58.0500 1556 RTL8187B - ok
20:28:58.0515 1556 rwbackupsrv - ok
20:28:58.0515 1556 s217mgmt - ok
20:28:58.0515 1556 SABProcEnum - ok
20:28:58.0578 1556 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:58.0734 1556 SamSs - ok
20:28:58.0828 1556 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:28:58.0843 1556 SASDIFSV - ok
20:28:58.0859 1556 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:28:58.0890 1556 SASKUTIL - ok
20:28:58.0953 1556 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
20:28:59.0093 1556 sbp2port - ok
20:28:59.0125 1556 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:28:59.0281 1556 SCardSvr - ok
20:28:59.0328 1556 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:28:59.0484 1556 Schedule - ok
20:28:59.0515 1556 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:28:59.0609 1556 Secdrv - ok
20:28:59.0625 1556 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:28:59.0750 1556 seclogon - ok
20:28:59.0765 1556 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:28:59.0921 1556 SENS - ok
20:28:59.0937 1556 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:29:00.0093 1556 serenum - ok
20:29:00.0140 1556 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:29:00.0312 1556 Serial - ok
20:29:00.0328 1556 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:29:00.0546 1556 Sfloppy - ok
20:29:00.0734 1556 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:29:01.0031 1556 SharedAccess - ok
20:29:01.0375 1556 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:29:01.0406 1556 ShellHWDetection - ok
20:29:01.0421 1556 Simbad - ok
20:29:01.0421 1556 slssvc - ok
20:29:01.0656 1556 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
20:29:01.0765 1556 smwdm - ok
20:29:01.0781 1556 snac - ok
20:29:01.0781 1556 sonicatheaterinstallerservice - ok
20:29:01.0781 1556 Sparrow - ok
20:29:02.0000 1556 spkrmon (4a205d78d17e6234986ddcd0da2761e9) C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
20:29:02.0000 1556 spkrmon ( UnsignedFile.Multi.Generic ) - warning
20:29:02.0000 1556 spkrmon - detected UnsignedFile.Multi.Generic (1)
20:29:02.0046 1556 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:29:02.0234 1556 splitter - ok
20:29:02.0312 1556 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:29:02.0359 1556 Spooler - ok
20:29:02.0453 1556 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:29:02.0546 1556 sr - ok
20:29:03.0046 1556 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:29:03.0187 1556 srservice - ok
20:29:03.0828 1556 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:29:04.0046 1556 Srv - ok
20:29:04.0156 1556 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:29:04.0265 1556 SSDPSRV - ok
20:29:04.0281 1556 ssm_mdm - ok
20:29:04.0343 1556 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:29:04.0531 1556 stisvc - ok
20:29:04.0609 1556 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:29:04.0750 1556 swenum - ok
20:29:04.0812 1556 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:29:04.0953 1556 swmidi - ok
20:29:04.0968 1556 SWNC8U51 - ok
20:29:04.0968 1556 SwPrv - ok
20:29:04.0968 1556 symc810 - ok
20:29:04.0984 1556 symc8xx - ok
20:29:04.0984 1556 sym_hi - ok
20:29:05.0000 1556 sym_u3 - ok
20:29:05.0062 1556 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:29:05.0468 1556 sysaudio - ok
20:29:05.0734 1556 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:29:05.0921 1556 SysmonLog - ok
20:29:05.0921 1556 sysplant - ok
20:29:06.0312 1556 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:29:06.0562 1556 TapiSrv - ok
20:29:06.0562 1556 tapvpn - ok
20:29:06.0812 1556 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:29:06.0875 1556 Tcpip - ok
20:29:06.0906 1556 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:29:07.0171 1556 TDPIPE - ok
20:29:07.0187 1556 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:29:07.0390 1556 TDTCP - ok
20:29:07.0421 1556 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:29:07.0593 1556 TermDD - ok
20:29:07.0796 1556 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:29:08.0000 1556 TermService - ok
20:29:08.0015 1556 tfsncofs - ok
20:29:08.0078 1556 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:29:08.0125 1556 Themes - ok
20:29:08.0140 1556 TosIde - ok
20:29:08.0234 1556 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:29:08.0421 1556 TrkWks - ok
20:29:08.0484 1556 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:29:08.0656 1556 Udfs - ok
20:29:08.0671 1556 ultra - ok
20:29:08.0718 1556 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:29:08.0875 1556 Update - ok
20:29:08.0921 1556 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:29:09.0015 1556 upnphost - ok
20:29:09.0046 1556 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:29:09.0171 1556 UPS - ok
20:29:09.0187 1556 USB11LDR - ok
20:29:09.0218 1556 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:29:09.0375 1556 usbccgp - ok
20:29:09.0390 1556 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:29:09.0546 1556 usbehci - ok
20:29:09.0593 1556 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:29:09.0750 1556 usbhub - ok
20:29:09.0765 1556 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:29:09.0921 1556 usbprint - ok
20:29:09.0953 1556 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:29:10.0093 1556 usbscan - ok
20:29:10.0093 1556 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:29:10.0265 1556 usbstor - ok
20:29:10.0265 1556 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:29:10.0421 1556 usbuhci - ok
20:29:10.0421 1556 VAIOMediaPlatform-MusicServer-UPnP - ok
20:29:10.0437 1556 vds - ok
20:29:10.0453 1556 vetefile - ok
20:29:10.0453 1556 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:29:10.0593 1556 VgaSave - ok
20:29:10.0593 1556 ViaIde - ok
20:29:10.0609 1556 vmm - ok
20:29:10.0656 1556 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:29:10.0812 1556 VolSnap - ok
20:29:10.0859 1556 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:29:10.0937 1556 VSS - ok
20:29:11.0000 1556 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:29:11.0140 1556 W32Time - ok
20:29:11.0156 1556 w550mdm - ok
20:29:11.0156 1556 w810bus - ok
20:29:11.0171 1556 wacomvhid - ok
20:29:11.0203 1556 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:29:11.0375 1556 Wanarp - ok
20:29:11.0375 1556 WDICA - ok
20:29:11.0406 1556 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:29:11.0546 1556 wdmaud - ok
20:29:11.0578 1556 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:29:11.0734 1556 WebClient - ok
20:29:11.0750 1556 webrootcommagentservice - ok
20:29:11.0859 1556 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:29:12.0000 1556 winmgmt - ok
20:29:12.0031 1556 winvnc4 - ok
20:29:12.0062 1556 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
20:29:12.0078 1556 WLNdis50 ( UnsignedFile.Multi.Generic ) - warning
20:29:12.0078 1556 WLNdis50 - detected UnsignedFile.Multi.Generic (1)
20:29:12.0468 1556 WLSVC (5bf6d377d3c277a3a174cafae32e5831) C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe
20:29:12.0500 1556 WLSVC ( UnsignedFile.Multi.Generic ) - warning
20:29:12.0500 1556 WLSVC - detected UnsignedFile.Multi.Generic (1)
20:29:12.0546 1556 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
20:29:12.0718 1556 WmdmPmSN - ok
20:29:12.0750 1556 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:29:12.0890 1556 WmiApSrv - ok
20:29:13.0156 1556 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:29:13.0234 1556 WPFFontCache_v0400 - ok
20:29:13.0281 1556 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:29:13.0437 1556 WS2IFSL - ok
20:29:13.0546 1556 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:29:13.0750 1556 wscsvc - ok
20:29:13.0796 1556 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:29:13.0953 1556 wuauserv - ok
20:29:14.0031 1556 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:29:14.0234 1556 WZCSVC - ok
20:29:14.0265 1556 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:29:14.0421 1556 xmlprov - ok
20:29:14.0421 1556 zd1211u(zydas) - ok
20:29:14.0453 1556 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:29:15.0000 1556 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:29:15.0000 1556 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:29:15.0015 1556 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR3
20:29:18.0609 1556 \Device\Harddisk2\DR3 - ok
20:29:18.0625 1556 Boot (0x1200) (612458af766db4030db2d158dc43ba35) \Device\Harddisk0\DR0\Partition0
20:29:18.0640 1556 \Device\Harddisk0\DR0\Partition0 - ok
20:29:18.0656 1556 Boot (0x1200) (6947c8943b7eba5d7b6151afb008a82e) \Device\Harddisk2\DR3\Partition0
20:29:18.0656 1556 \Device\Harddisk2\DR3\Partition0 - ok
20:29:18.0656 1556 ============================================================
20:29:18.0656 1556 Scan finished
20:29:18.0656 1556 ============================================================
20:29:18.0765 0168 Detected object count: 8
20:29:18.0765 0168 Actual detected object count: 8
20:29:42.0000 0168 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:42.0000 0168 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:42.0000 0168 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:42.0000 0168 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:42.0000 0168 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:42.0000 0168 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:42.0000 0168 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:42.0000 0168 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:42.0000 0168 spkrmon ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:42.0000 0168 spkrmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:42.0000 0168 WLNdis50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:42.0000 0168 WLNdis50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:42.0000 0168 WLSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:42.0000 0168 WLSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:42.0000 0168 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:29:42.0000 0168 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:30:22.0156 1268 ============================================================
20:30:22.0156 1268 Scan started
20:30:22.0156 1268 Mode: Manual; SigCheck; TDLFS;
20:30:22.0156 1268 ============================================================
20:30:22.0859 1268 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:30:22.0906 1268 !SASCORE - ok
20:30:22.0937 1268 2wirepcp - ok
20:30:22.0937 1268 Abiosdsk - ok
20:30:22.0953 1268 abp480n5 - ok
20:30:23.0265 1268 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:30:23.0437 1268 ACPI - ok
20:30:23.0500 1268 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:30:23.0671 1268 ACPIEC - ok
20:30:24.0062 1268 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:30:24.0093 1268 AdobeFlashPlayerUpdateSvc - ok
20:30:24.0093 1268 adpu160m - ok
20:30:25.0281 1268 AdvancedSystemCareService5 (96d6cdd0b32846e8cfbe592f4f32e608) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
20:30:25.0421 1268 AdvancedSystemCareService5 - ok
20:30:25.0484 1268 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
20:30:25.0500 1268 aeaudio - ok
20:30:25.0578 1268 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:30:25.0750 1268 aec - ok
20:30:25.0812 1268 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:30:25.0828 1268 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:30:25.0828 1268 AegisP - detected UnsignedFile.Multi.Generic (1)
20:30:26.0000 1268 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:30:26.0046 1268 AFD - ok
20:30:26.0046 1268 Aha154x - ok
20:30:26.0062 1268 aic78u2 - ok
20:30:26.0062 1268 aic78xx - ok
20:30:26.0109 1268 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:30:26.0281 1268 Alerter - ok
20:30:26.0328 1268 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:30:26.0406 1268 ALG - ok
20:30:26.0406 1268 AliIde - ok
20:30:26.0421 1268 amsint - ok
20:30:26.0640 1268 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:30:26.0671 1268 Apple Mobile Device - ok
20:30:26.0671 1268 AppMgmt - ok
20:30:26.0671 1268 AppnBase - ok
20:30:26.0781 1268 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:30:26.0953 1268 Arp1394 - ok
20:30:26.0953 1268 asc - ok
20:30:26.0968 1268 asc3350p - ok
20:30:26.0968 1268 asc3550 - ok
20:30:27.0296 1268 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:30:27.0312 1268 aspnet_state - ok
20:30:27.0328 1268 asuskeyboardservice - ok
20:30:27.0359 1268 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:30:27.0500 1268 AsyncMac - ok
20:30:27.0703 1268 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:30:27.0875 1268 atapi - ok
20:30:27.0875 1268 Atdisk - ok
20:30:27.0890 1268 Ati HotKey Poller - ok
20:30:28.0453 1268 ATI Smart (9c8f6be465b7a0455266a26723aac736) C:\WINDOWS\system32\ati2sgag.exe
20:30:28.0500 1268 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
20:30:28.0500 1268 ATI Smart - detected UnsignedFile.Multi.Generic (1)
20:30:29.0140 1268 ati2mtag (c82240ce60a9326e52282f62ba923f27) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:30:29.0250 1268 ati2mtag - ok
20:30:29.0343 1268 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:30:29.0500 1268 Atmarpc - ok
20:30:29.0609 1268 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:30:29.0781 1268 AudioSrv - ok
20:30:29.0828 1268 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:30:29.0984 1268 audstub - ok
20:30:35.0234 1268 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
20:30:35.0781 1268 AVGIDSAgent - ok
20:30:36.0796 1268 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
20:30:36.0828 1268 AVGIDSDriver - ok
20:30:36.0875 1268 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
20:30:36.0890 1268 AVGIDSFilter - ok
20:30:36.0953 1268 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
20:30:36.0968 1268 AVGIDSHX - ok
20:30:37.0046 1268 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
20:30:37.0062 1268 AVGIDSShim - ok
20:30:37.0312 1268 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:30:37.0328 1268 Avgldx86 - ok
20:30:37.0421 1268 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:30:37.0437 1268 Avgmfx86 - ok
20:30:37.0484 1268 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:30:37.0500 1268 Avgrkx86 - ok
20:30:37.0968 1268 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:30:38.0000 1268 Avgtdix - ok
20:30:38.0312 1268 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
20:30:38.0328 1268 avgwd - ok
20:30:38.0343 1268 avupdsvc - ok
20:30:38.0640 1268 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:30:38.0671 1268 b57w2k - ok
20:30:38.0734 1268 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:30:38.0906 1268 Beep - ok
20:30:39.0437 1268 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:30:39.0625 1268 BITS - ok
20:30:39.0640 1268 blueletscoaudio - ok
20:30:40.0187 1268 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:30:40.0218 1268 Bonjour Service - ok
20:30:40.0343 1268 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:30:40.0500 1268 Browser - ok
20:30:40.0515 1268 caccprovsp - ok
20:30:40.0734 1268 catchme - ok
20:30:40.0796 1268 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:30:40.0953 1268 cbidf2k - ok
20:30:40.0953 1268 cd20xrnt - ok
20:30:41.0031 1268 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:30:41.0171 1268 Cdaudio - ok
20:30:41.0250 1268 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:30:41.0406 1268 Cdfs - ok
20:30:41.0500 1268 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:30:41.0671 1268 Cdrom - ok
20:30:41.0765 1268 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:30:41.0796 1268 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
20:30:41.0796 1268 cercsr6 - detected UnsignedFile.Multi.Generic (1)
20:30:41.0796 1268 Changer - ok
20:30:41.0859 1268 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:30:42.0015 1268 CiSvc - ok
20:30:42.0078 1268 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:30:42.0234 1268 ClipSrv - ok
20:30:42.0640 1268 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:30:42.0671 1268 clr_optimization_v2.0.50727_32 - ok
20:30:43.0000 1268 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:30:43.0015 1268 clr_optimization_v4.0.30319_32 - ok
20:30:43.0031 1268 cmdagent - ok
20:30:43.0031 1268 CmdIde - ok
20:30:43.0046 1268 COMMONFX.DLL - ok
20:30:43.0062 1268 compbatt - ok
20:30:43.0062 1268 COMSysApp - ok
20:30:43.0078 1268 Cpqarray - ok
20:30:43.0093 1268 crcdisk - ok
20:30:43.0250 1268 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:30:43.0421 1268 CryptSvc - ok
20:30:43.0421 1268 dac2w2k - ok
20:30:43.0437 1268 dac960nt - ok
20:30:43.0437 1268 dbmang - ok
20:30:43.0953 1268 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:30:43.0968 1268 DcomLaunch - ok
20:30:44.0187 1268 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:30:44.0343 1268 Dhcp - ok
20:30:44.0453 1268 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:30:44.0625 1268 Disk - ok
20:30:44.0625 1268 dlaudfam - ok
20:30:44.0640 1268 dmadmin - ok
20:30:45.0609 1268 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:30:45.0796 1268 dmboot - ok
20:30:45.0890 1268 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:30:46.0062 1268 dmio - ok
20:30:46.0093 1268 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:30:46.0234 1268 dmload - ok
20:30:46.0296 1268 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:30:46.0468 1268 dmserver - ok
20:30:46.0546 1268 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:30:46.0703 1268 DMusic - ok
20:30:46.0812 1268 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:30:46.0843 1268 Dnscache - ok
20:30:46.0968 1268 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:30:47.0140 1268 Dot3svc - ok
20:30:47.0140 1268 dpfusmgr - ok
20:30:47.0156 1268 dpti2o - ok
20:30:47.0203 1268 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:30:47.0406 1268 drmkaud - ok
20:30:47.0406 1268 dtsrvc - ok
20:30:47.0421 1268 dvd_2K - ok
20:30:47.0421 1268 DynDNS_Updater_Service - ok
20:30:47.0484 1268 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:30:47.0656 1268 EapHost - ok
20:30:47.0671 1268 EhttpSrv - ok
20:30:47.0671 1268 eliservice - ok
20:30:47.0687 1268 ELmou - ok
20:30:47.0781 1268 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:30:47.0937 1268 ERSvc - ok
20:30:48.0109 1268 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:30:48.0140 1268 Eventlog - ok
20:30:48.0328 1268 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:30:48.0406 1268 EventSystem - ok
20:30:48.0546 1268 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:30:48.0718 1268 Fastfat - ok
20:30:48.0906 1268 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:30:48.0937 1268 FastUserSwitchingCompatibility - ok
20:30:48.0937 1268 fcprintservice - ok
20:30:48.0984 1268 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:30:49.0156 1268 Fdc - ok
20:30:49.0156 1268 fetnd5bv - ok
20:30:49.0250 1268 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:30:49.0375 1268 Fips - ok
20:30:49.0421 1268 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:30:49.0578 1268 Flpydisk - ok
20:30:49.0796 1268 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:30:49.0968 1268 FltMgr - ok
20:30:50.0515 1268 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:30:50.0531 1268 FontCache3.0.0.0 - ok
20:30:50.0593 1268 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:30:50.0812 1268 Fs_Rec - ok
20:30:50.0875 1268 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:30:51.0015 1268 Ftdisk - ok
20:30:51.0109 1268 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:30:51.0125 1268 GEARAspiWDM - ok
20:30:51.0234 1268 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:30:51.0812 1268 Gpc - ok
20:30:51.0812 1268 GTF32BUS - ok
20:30:52.0125 1268 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:30:52.0156 1268 gupdate - ok
20:30:52.0156 1268 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:30:52.0171 1268 gupdatem - ok
20:30:52.0437 1268 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:30:52.0453 1268 gusvc - ok
20:30:52.0515 1268 helpsvc - ok
20:30:52.0609 1268 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:30:52.0734 1268 HidServ - ok
20:30:52.0781 1268 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:30:52.0937 1268 hidusb - ok
20:30:53.0031 1268 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:30:53.0156 1268 hkmsvc - ok
20:30:53.0171 1268 hmonitor - ok
20:30:53.0171 1268 hpn - ok
20:30:53.0296 1268 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:30:53.0328 1268 HPZid412 - ok
20:30:53.0390 1268 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:30:53.0421 1268 HPZipr12 - ok
20:30:53.0484 1268 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:30:53.0500 1268 HPZius12 - ok
20:30:53.0500 1268 HssSrv - ok
20:30:53.0890 1268 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:30:53.0906 1268 HTTP - ok
20:30:53.0968 1268 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:30:54.0140 1268 HTTPFilter - ok
20:30:54.0140 1268 i2omgmt - ok
20:30:54.0156 1268 i2omp - ok
20:30:55.0390 1268 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:30:55.0453 1268 idsvc - ok
20:30:55.0546 1268 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:30:55.0687 1268 Imapi - ok
20:30:55.0781 1268 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:30:55.0937 1268 ImapiService - ok
20:30:55.0937 1268 incdfs - ok
20:30:55.0953 1268 ini910u - ok
20:30:55.0953 1268 IntelC51 - ok
20:30:56.0000 1268 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:30:56.0343 1268 IntelIde - ok
20:30:56.0546 1268 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:30:56.0687 1268 intelppm - ok
20:30:56.0750 1268 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:30:56.0890 1268 Ip6Fw - ok
20:30:56.0953 1268 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:30:57.0109 1268 IpFilterDriver - ok
20:30:57.0109 1268 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:30:57.0484 1268 IpInIp - ok
20:30:57.0609 1268 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:30:57.0781 1268 IpNat - ok
20:30:58.0890 1268 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
20:30:59.0015 1268 iPod Service - ok
20:30:59.0171 1268 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:30:59.0359 1268 IPSec - ok
20:30:59.0390 1268 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:30:59.0468 1268 IRENUM - ok
20:30:59.0546 1268 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:30:59.0703 1268 isapnp - ok
20:30:59.0718 1268 iteatapi - ok
20:31:00.0015 1268 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
20:31:00.0031 1268 JavaQuickStarterService - ok
20:31:00.0375 1268 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:31:00.0546 1268 Kbdclass - ok
20:31:00.0578 1268 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:31:00.0765 1268 kbdhid - ok
20:31:00.0875 1268 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:31:01.0031 1268 kmixer - ok
20:31:01.0203 1268 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:31:01.0250 1268 KSecDD - ok
20:31:01.0265 1268 L8042mou - ok
20:31:01.0687 1268 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:31:01.0703 1268 lanmanserver - ok
20:31:01.0906 1268 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:31:01.0953 1268 lanmanworkstation - ok
20:31:01.0953 1268 lbrtfdc - ok
20:31:01.0968 1268 ldlcserv - ok
20:31:02.0031 1268 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:31:02.0203 1268 LmHosts - ok
20:31:02.0203 1268 LMS - ok
20:31:02.0218 1268 LUsbFilt - ok
20:31:02.0218 1268 LVBulk - ok
20:31:02.0234 1268 lvpr2mon - ok
20:31:02.0234 1268 lvusbsta - ok
20:31:02.0234 1268 lxdm_device - ok
20:31:02.0250 1268 lxrjd31d - ok
20:31:02.0328 1268 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:31:02.0515 1268 Messenger - ok
20:31:02.0562 1268 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:31:02.0734 1268 mnmdd - ok
20:31:02.0734 1268 mnmsrvc - ok
20:31:02.0796 1268 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:31:02.0953 1268 Modem - ok
20:31:03.0015 1268 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:31:03.0343 1268 Mouclass - ok
20:31:03.0390 1268 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:31:03.0671 1268 mouhid - ok
20:31:03.0796 1268 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:31:04.0125 1268 MountMgr - ok
20:31:04.0125 1268 mraid35x - ok
20:31:04.0140 1268 mrpostman - ok
20:31:04.0421 1268 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:31:04.0562 1268 MRxDAV - ok
20:31:05.0296 1268 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:31:05.0359 1268 MRxSmb - ok
20:31:05.0421 1268 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:31:05.0578 1268 MSDTC - ok
20:31:05.0640 1268 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:31:05.0906 1268 Msfs - ok
20:31:05.0906 1268 MSIServer - ok
20:31:05.0968 1268 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:31:06.0125 1268 MSKSSRV - ok
20:31:06.0125 1268 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:31:06.0296 1268 MSPCLOCK - ok
20:31:06.0296 1268 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:31:06.0453 1268 MSPQM - ok
20:31:06.0531 1268 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:31:06.0656 1268 mssmbios - ok
20:31:06.0656 1268 mssqlserver - ok
20:31:06.0875 1268 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:31:06.0921 1268 Mup - ok
20:31:07.0156 1268 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:31:07.0312 1268 napagent - ok
20:31:07.0734 1268 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:31:07.0890 1268 NDIS - ok
20:31:07.0937 1268 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:31:07.0984 1268 NdisTapi - ok
20:31:08.0015 1268 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:31:08.0187 1268 Ndisuio - ok
20:31:08.0343 1268 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:31:08.0500 1268 NdisWan - ok
20:31:08.0578 1268 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:31:08.0625 1268 NDProxy - ok
20:31:08.0640 1268 NEOFLTR_600_13319 - ok
20:31:08.0703 1268 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:31:08.0875 1268 NetBIOS - ok
20:31:09.0140 1268 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:31:09.0390 1268 NetBT - ok
20:31:09.0578 1268 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:31:09.0750 1268 NetDDE - ok
20:31:09.0750 1268 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:31:09.0906 1268 NetDDEdsdm - ok
20:31:09.0921 1268 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:31:10.0093 1268 Netlogon - ok
20:31:10.0281 1268 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:31:10.0468 1268 Netman - ok
20:31:10.0750 1268 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:31:10.0796 1268 NetTcpPortSharing - ok
20:31:10.0921 1268 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:31:11.0093 1268 NIC1394 - ok
20:31:11.0093 1268 NICM - ok
20:31:11.0390 1268 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:31:11.0437 1268 Nla - ok
20:31:11.0437 1268 nmraapache - ok
20:31:11.0515 1268 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:31:11.0718 1268 Npfs - ok
20:31:12.0562 1268 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:31:12.0781 1268 Ntfs - ok
20:31:12.0796 1268 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:31:12.0968 1268 NtLmSsp - ok
20:31:13.0296 1268 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:31:13.0468 1268 NtmsSvc - ok
20:31:13.0515 1268 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:31:13.0687 1268 Null - ok
20:31:13.0703 1268 nvstor32 - ok
20:31:13.0703 1268 nwdls - ok
20:31:13.0765 1268 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:31:13.0937 1268 NwlnkFlt - ok
20:31:13.0984 1268 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:31:14.0171 1268 NwlnkFwd - ok
20:31:14.0296 1268 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:31:14.0421 1268 ohci1394 - ok
20:31:14.0484 1268 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
20:31:14.0515 1268 OMCI ( UnsignedFile.Multi.Generic ) - warning
20:31:14.0515 1268 OMCI - detected UnsignedFile.Multi.Generic (1)
20:31:14.0640 1268 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:31:14.0781 1268 Parport - ok
20:31:14.0812 1268 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:31:15.0000 1268 PartMgr - ok
20:31:15.0062 1268 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:31:15.0203 1268 ParVdm - ok
20:31:15.0234 1268 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:31:15.0390 1268 PCI - ok
20:31:15.0390 1268 PCIDump - ok
20:31:15.0421 1268 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:31:15.0593 1268 PCIIde - ok
20:31:15.0703 1268 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:31:15.0859 1268 Pcmcia - ok
20:31:15.0859 1268 PDCOMP - ok
20:31:15.0875 1268 PDFRAME - ok
20:31:15.0875 1268 pdlncbas - ok
20:31:15.0890 1268 pdlndldl - ok
20:31:15.0890 1268 PDRELI - ok
20:31:15.0906 1268 PDRFRAME - ok
20:31:15.0906 1268 perc2 - ok
20:31:15.0921 1268 perc2hib - ok
20:31:16.0109 1268 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:31:16.0140 1268 PlugPlay - ok
20:31:16.0156 1268 Pml Driver HPZ12 - ok
20:31:16.0156 1268 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:31:16.0312 1268 PolicyAgent - ok
20:31:16.0406 1268 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:31:16.0562 1268 PptpMiniport - ok
20:31:16.0625 1268 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:31:16.0812 1268 Processor - ok
20:31:16.0828 1268 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:31:16.0968 1268 ProtectedStorage - ok
20:31:17.0062 1268 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:31:17.0218 1268 PSched - ok
20:31:17.0281 1268 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:31:17.0453 1268 Ptilink - ok
20:31:17.0468 1268 ql1080 - ok
20:31:17.0468 1268 Ql10wnt - ok
20:31:17.0468 1268 ql12160 - ok
20:31:17.0484 1268 ql1240 - ok
20:31:17.0500 1268 ql1280 - ok
20:31:17.0531 1268 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:31:17.0687 1268 RasAcd - ok
20:31:17.0750 1268 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:31:17.0921 1268 RasAuto - ok
20:31:17.0984 1268 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:31:18.0171 1268 Rasl2tp - ok
20:31:18.0484 1268 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:31:18.0625 1268 RasMan - ok
20:31:18.0703 1268 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:31:18.0906 1268 RasPppoe - ok
20:31:18.0953 1268 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:31:19.0093 1268 Raspti - ok
20:31:19.0328 1268 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:31:19.0500 1268 Rdbss - ok
20:31:19.0546 1268 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:31:19.0687 1268 RDPCDD - ok
20:31:19.0796 1268 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:31:19.0859 1268 RDPWD - ok
20:31:19.0859 1268 RDSessMgr - ok
20:31:20.0031 1268 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:31:20.0187 1268 redbook - ok
20:31:20.0234 1268 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:31:20.0390 1268 RemoteAccess - ok
20:31:20.0468 1268 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:31:20.0609 1268 RpcLocator - ok
20:31:21.0187 1268 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:31:21.0218 1268 RpcSs - ok
20:31:21.0453 1268 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:31:21.0640 1268 RSVP - ok
20:31:21.0656 1268 rt61 - ok
20:31:21.0937 1268 RTL8187B (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
20:31:21.0984 1268 RTL8187B - ok
20:31:21.0984 1268 rwbackupsrv - ok
20:31:21.0984 1268 s217mgmt - ok
20:31:22.0000 1268 SABProcEnum - ok
20:31:22.0078 1268 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:31:22.0218 1268 SamSs - ok
20:31:22.0406 1268 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:31:22.0500 1268 SASDIFSV - ok
20:31:22.0593 1268 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:31:22.0625 1268 SASKUTIL - ok
20:31:22.0671 1268 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
20:31:22.0953 1268 sbp2port - ok
20:31:23.0000 1268 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:31:23.0234 1268 SCardSvr - ok
20:31:23.0296 1268 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:31:23.0453 1268 Schedule - ok
20:31:23.0468 1268 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:31:23.0578 1268 Secdrv - ok
20:31:23.0625 1268 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:31:23.0781 1268 seclogon - ok
20:31:23.0796 1268 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:31:23.0953 1268 SENS - ok
20:31:23.0968 1268 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:31:24.0125 1268 serenum - ok
20:31:24.0140 1268 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:31:24.0296 1268 Serial - ok
20:31:24.0343 1268 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:31:24.0500 1268 Sfloppy - ok
20:31:24.0546 1268 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:31:24.0703 1268 SharedAccess - ok
20:31:24.0781 1268 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:31:25.0078 1268 ShellHWDetection - ok
20:31:25.0203 1268 Simbad - ok
20:31:25.0203 1268 slssvc - ok
20:31:26.0796 1268 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
20:31:26.0906 1268 smwdm - ok
20:31:26.0921 1268 snac - ok
20:31:26.0921 1268 sonicatheaterinstallerservice - ok
20:31:26.0937 1268 Sparrow - ok
20:31:27.0171 1268 spkrmon (4a205d78d17e6234986ddcd0da2761e9) C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
20:31:27.0171 1268 spkrmon ( UnsignedFile.Multi.Generic ) - warning
20:31:27.0171 1268 spkrmon - detected UnsignedFile.Multi.Generic (1)
20:31:27.0234 1268 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:31:27.0390 1268 splitter - ok
20:31:27.0515 1268 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:31:27.0562 1268 Spooler - ok
20:31:27.0656 1268 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:31:27.0750 1268 sr - ok
20:31:28.0046 1268 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:31:28.0125 1268 srservice - ok
20:31:28.0671 1268 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:31:28.0718 1268 Srv - ok
20:31:29.0062 1268 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:31:29.0156 1268 SSDPSRV - ok
20:31:29.0156 1268 ssm_mdm - ok
20:31:29.0703 1268 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:31:29.0859 1268 stisvc - ok
20:31:29.0890 1268 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:31:30.0296 1268 swenum - ok
20:31:30.0343 1268 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:31:30.0500 1268 swmidi - ok
20:31:30.0500 1268 SWNC8U51 - ok
20:31:30.0515 1268 SwPrv - ok
20:31:30.0515 1268 symc810 - ok
20:31:30.0531 1268 symc8xx - ok
20:31:30.0531 1268 sym_hi - ok
20:31:30.0531 1268 sym_u3 - ok
20:31:30.0625 1268 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:31:30.0781 1268 sysaudio - ok
20:31:30.0906 1268 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:31:31.0109 1268 SysmonLog - ok
20:31:31.0109 1268 sysplant - ok
20:31:31.0359 1268 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:31:31.0500 1268 TapiSrv - ok
20:31:31.0500 1268 tapvpn - ok
20:31:31.0953 1268 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:31:31.0984 1268 Tcpip - ok
20:31:32.0046 1268 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:31:32.0203 1268 TDPIPE - ok
20:31:32.0234 1268 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:31:32.0390 1268 TDTCP - ok
20:31:32.0468 1268 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:31:32.0625 1268 TermDD - ok
20:31:33.0281 1268 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:31:33.0437 1268 TermService - ok
20:31:33.0453 1268 tfsncofs - ok
20:31:33.0562 1268 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:31:33.0593 1268 Themes - ok
20:31:33.0625 1268 TosIde - ok
20:31:33.0812 1268 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:31:33.0968 1268 TrkWks - ok
20:31:34.0109 1268 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:31:34.0281 1268 Udfs - ok
20:31:34.0281 1268 ultra - ok
20:31:34.0796 1268 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:31:34.0968 1268 Update - ok
20:31:35.0234 1268 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:31:35.0328 1268 upnphost - ok
20:31:35.0359 1268 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:31:35.0531 1268 UPS - ok
20:31:35.0546 1268 USB11LDR - ok
20:31:35.0625 1268 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:31:35.0796 1268 usbccgp - ok
20:31:35.0843 1268 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:31:36.0000 1268 usbehci - ok
20:31:36.0093 1268 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:31:36.0250 1268 usbhub - ok
20:31:36.0312 1268 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:31:36.0484 1268 usbprint - ok
20:31:36.0531 1268 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:31:36.0687 1268 usbscan - ok
20:31:36.0734 1268 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:31:36.0890 1268 usbstor - ok
20:31:36.0937 1268 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:31:37.0093 1268 usbuhci - ok
20:31:37.0093 1268 VAIOMediaPlatform-MusicServer-UPnP - ok
20:31:37.0109 1268 vds - ok
20:31:37.0109 1268 vetefile - ok
20:31:37.0156 1268 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:31:37.0312 1268 VgaSave - ok
20:31:37.0312 1268 ViaIde - ok
20:31:37.0328 1268 vmm - ok
20:31:37.0406 1268 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:31:37.0562 1268 VolSnap - ok
20:31:37.0703 1268 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:31:37.0781 1268 VSS - ok
20:31:38.0046 1268 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:31:38.0234 1268 W32Time - ok
20:31:38.0234 1268 w550mdm - ok
20:31:38.0250 1268 w810bus - ok
20:31:38.0250 1268 wacomvhid - ok
20:31:38.0359 1268 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:31:38.0515 1268 Wanarp - ok
20:31:38.0531 1268 WDICA - ok
20:31:38.0671 1268 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:31:38.0843 1268 wdmaud - ok
20:31:38.0968 1268 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:31:39.0125 1268 WebClient - ok
20:31:39.0125 1268 webrootcommagentservice - ok
20:31:39.0312 1268 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:31:39.0500 1268 winmgmt - ok
20:31:39.0531 1268 winvnc4 - ok
20:31:39.0593 1268 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
20:31:39.0703 1268 WLNdis50 ( UnsignedFile.Multi.Generic ) - warning
20:31:39.0703 1268 WLNdis50 - detected UnsignedFile.Multi.Generic (1)
20:31:39.0875 1268 WLSVC (5bf6d377d3c277a3a174cafae32e5831) C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe
20:31:39.0937 1268 WLSVC ( UnsignedFile.Multi.Generic ) - warning
20:31:39.0937 1268 WLSVC - detected UnsignedFile.Multi.Generic (1)
20:31:40.0218 1268 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
20:31:40.0562 1268 WmdmPmSN - ok
20:31:40.0734 1268 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:31:40.0906 1268 WmiApSrv - ok
20:31:42.0328 1268 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:31:42.0406 1268 WPFFontCache_v0400 - ok
20:31:42.0484 1268 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:31:42.0656 1268 WS2IFSL - ok
20:31:42.0859 1268 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:31:43.0046 1268 wscsvc - ok
20:31:43.0093 1268 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:31:43.0265 1268 wuauserv - ok
20:31:44.0046 1268 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:31:44.0250 1268 WZCSVC - ok
20:31:44.0375 1268 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:31:44.0515 1268 xmlprov - ok
20:31:44.0515 1268 zd1211u(zydas) - ok
20:31:44.0562 1268 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:31:51.0718 1268 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:31:51.0718 1268 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:31:51.0718 1268 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR3
20:31:55.0406 1268 \Device\Harddisk2\DR3 - ok
20:31:55.0421 1268 Boot (0x1200) (612458af766db4030db2d158dc43ba35) \Device\Harddisk0\DR0\Partition0
20:31:55.0437 1268 \Device\Harddisk0\DR0\Partition0 - ok
20:31:55.0437 1268 Boot (0x1200) (6947c8943b7eba5d7b6151afb008a82e) \Device\Harddisk2\DR3\Partition0
20:31:55.0437 1268 \Device\Harddisk2\DR3\Partition0 - ok
20:31:55.0453 1268 ============================================================
20:31:55.0453 1268 Scan finished
20:31:55.0453 1268 ============================================================
20:31:55.0468 3884 Detected object count: 8
20:31:55.0468 3884 Actual detected object count: 8
20:32:01.0968 3884 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:01.0968 3884 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:01.0968 3884 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:01.0984 3884 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:01.0984 3884 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:01.0984 3884 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:01.0984 3884 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:01.0984 3884 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:01.0984 3884 spkrmon ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:01.0984 3884 spkrmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:01.0984 3884 WLNdis50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:01.0984 3884 WLNdis50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:01.0984 3884 WLSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:01.0984 3884 WLSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:01.0984 3884 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:32:01.0984 3884 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:32:05.0687 2600 Deinitialize success

Attached Files
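A triage pass over the TDSSKiller log format shown in the post above, as an added example (not part of the thread and not the tool vendor's code): it pairs each detection with the action recorded for it and lists detections, other than unsigned-file warnings, that were left in place. The function names and the choice to treat UnsignedFile.Multi.Generic as low priority are assumptions of this example; the sample lines are an excerpt of the log above.

```python
import re

# Excerpt copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
20:31:39.0593 1268 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
20:31:39.0703 1268 WLNdis50 ( UnsignedFile.Multi.Generic ) - warning
20:31:39.0703 1268 WLNdis50 - detected UnsignedFile.Multi.Generic (1)
20:31:44.0515 1268 zd1211u(zydas) - ok
20:31:44.0562 1268 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:31:51.0718 1268 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:31:51.0718 1268 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:31:55.0468 3884 Detected object count: 8
20:32:01.0984 3884 WLNdis50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:01.0984 3884 WLNdis50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:01.0984 3884 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:32:01.0984 3884 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line starts with a timestamp and a thread id.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
DETECTED = re.compile(PREFIX + r"(?P<obj>.+?) - detected (?P<verdict>.+?) \((?P<n>\d+)\)\s*$")
ACTION = re.compile(
    PREFIX + r"(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)\s*$"
)
COUNT = re.compile(PREFIX + r"Detected object count: (?P<count>\d+)\s*$")

# Assumption of this example: this verdict only says the file carries no
# digital signature, so it is reviewed after everything else.
LOW_PRIORITY = {"UnsignedFile.Multi.Generic"}


def parse_tdsskiller(text):
    """Return ({object: {"verdict", "action"}}, reported detection count)."""
    findings = {}
    reported = None
    for line in text.splitlines():
        m = DETECTED.match(line)
        if m:
            findings.setdefault(m["obj"], {"verdict": m["verdict"], "action": None})
            continue
        m = ACTION.match(line)
        if m:
            entry = findings.setdefault(m["obj"], {"verdict": m["verdict"], "action": None})
            entry["action"] = m["action"]
            continue
        m = COUNT.match(line)
        if m:
            reported = int(m["count"])
    return findings, reported


def unresolved(findings):
    """Detections outside LOW_PRIORITY that were skipped or have no action.

    Only "Skip" appears in the log above; any other action value is assumed
    to mean the object was acted on.
    """
    return [
        (obj, f["verdict"], f["action"])
        for obj, f in findings.items()
        if f["verdict"] not in LOW_PRIORITY and f["action"] in (None, "Skip")
    ]


def log_is_partial(findings, reported):
    """True when the tool's own count disagrees with the detections parsed,
    which is what a truncated or excerpted log looks like."""
    return reported is not None and reported != len(findings)


if __name__ == "__main__":
    found, count = parse_tdsskiller(SAMPLE_LOG)
    for obj, verdict, action in unresolved(found):
        print(f"left in place: {obj} -> {verdict} (action: {action})")
    if log_is_partial(found, count):
        print(f"log reports {count} detections, parsed {len(found)}")
```
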



#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:45 AM

Posted 11 June 2012 - 08:41 PM

bmjoy,

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
When asked to update the definitions, click Yes.
Click the "Scan" button to start scan:
Posted Image

On completion of the scan click "Save log", save it to your desktop and post in your next reply:
Posted Image

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


Also, do you happen to have your Windows XP CD available?
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#7 bmjoy

bmjoy
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:45 AM

Posted 11 June 2012 - 09:16 PM

Jason,

I have attached the aswMBR scan results. I do have the original Dell install CD for Windows XP sp2.

Thank you.

Brent

Attached Files



#8 jntkwx


Posted 11 June 2012 - 09:47 PM

bmjoy,

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

Step 1

1. Download and Run Ultimate Boot CD for Windows
  • Save it to your Desktop.
  • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
    NOTES:
  • Do not install to a folder with spaces in its name.
  • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
2. Insert your Dell XP CD SP2 into a CD Rom drive
  • Create a new folder on your C drive called dellxpcd (that is, it'll be located at C:\dellxpcd)
  • Copy the entire contents of your Dell CD to the C:\dellxpcd folder.
  • Download subinacl from Microsoft. Install this tool to the default "C:\Program Files\Windows Resource Kits\Tools" folder.
  • Download this dellregfix.zip and unzip it.
  • In your C:\dellxpcd folder find where the setupreg.hiv file is. Copy the subinacl.exe file from the C:\Program Files\Windows Resource Kits\Tools folder and the dellregfix.cmd file to this folder.
  • Now run the dellregfix.cmd file by double clicking on it. Make sure you ONLY run this CMD script from within your C:\dellxpcd folder!

3. Create the UBCD4Win ISO File
Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  • Click "I agree" to the Builders License.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
        • Enter the C:\dellxpcd path
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output: (C:\ubcd4win\BartPE)
        • Keep the default BartPE
    • Media output
      • Choose Create ISO image
      • Type in: C:\UBCD4Win\WinXP.iso
      • Do not choose Burn to CD/DVD

4. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course.
  • When the Build is finished you can click close, then exit


5. Burn your ISO file to CD
  • Please see HERE on how to burn an ISO to CD.

==========

Step 2

Next, from your clean computer:

Download Farbar Recovery Scan Tool and save it to your flash drive.

Now plug your flash drive back into your sick computer and follow the next instructions:

==========

Step 3

1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
  • Insert the UBCD4Win disc in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
    • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on Yes if you want to use the PE environment to get online, post your log, and reply by way of an Ethernet connection.
  • You should now have a desktop that looks like this:

    Posted Image


==========

Step 4

  • Single click My computer from your UBCD4W desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
  • Double click on it to begin running the tool.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your next reply.

Edited by jntkwx, 11 June 2012 - 09:49 PM.

Regards,
Jason

 



#9 bmjoy


Posted 12 June 2012 - 01:05 PM

Jason,

Here is the log file from the recovery tool.

Thanks,

Brent

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 12-06-2012
Ran by SYSTEM at 12-06-2012 14:00:09
Running from D:\
Microsoft Windows XP Service Pack 2 (X86) OS Language: Georgian
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [49152 2004-02-12] (Hewlett-Packard Company)
HKLM\...\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [241664 2004-05-12] (Hewlett-Packard Company)
HKLM\...\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-05-26] (ATI Technologies, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [282624 2007-04-27] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKU\Brent & Sharon\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-03-06] (Google Inc.)
HKU\Brent & Sharon\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905920 2012-05-30] (SUPERAntiSpyware.com)
HKU\Brent & Sharon\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Brent & Sharon\...\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
HKLM\...\InprocServer32: [Default-shell32] %SystemRoot%\system32\shdocvw.dll ATTENTION! ====> ZeroAccess
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\PROGRAMS\HP\Digital Imaging\bin\hpqtra08.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\PROGRAMS\HP\Digital Imaging\bin\hpqthb08.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\PROGRAMS\TRENDnet\TEW-424UB\WlanCU.exe (No File)

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-05-26] ()
2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 bcm43xx; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
2 mcdbus; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
2 oracle_load_balancer_60_server-forms6ip14; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
2 rchost; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
2 spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [61440 2003-08-28] ()
2 WLSVC; C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe [167936 2009-02-12] ()
2 2wirepcp; C:\Windows\System32\PCASp50.dll [x]
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
2 AppnBase; C:\Windows\System32\cdvp.dll [x]
2 asuskeyboardservice; C:\Windows\System32\ghaio.dll [x]
2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [x]
2 avupdsvc; C:\Windows\System32\dmprimer.dll [x]
2 blueletscoaudio; C:\Windows\System32\id2scaps.dll [x]
2 caccprovsp; C:\Windows\System32\rkhdrv31.dll [x]
2 cmdagent; C:\Windows\System32\deckzpsx.dll [x]
2 COMMONFX.DLL; C:\Windows\System32\UCTblHid.dll [x]
2 compbatt; C:\Windows\System32\DCamUSBSQTECH.dll [x]
2 crcdisk; C:\Windows\System32\ivscheduler.dll [x]
2 dbmang; C:\Windows\System32\nvport.dll [x]
2 dlaudfam; C:\Windows\System32\as32svc.dll [x]
2 dpfusmgr; C:\Windows\System32\windrvNT.dll [x]
2 dtsrvc; C:\Windows\System32\vpcbus.dll [x]
2 dvd_2K; C:\Windows\System32\ialm.dll [x]
2 DynDNS_Updater_Service; C:\Windows\System32\NsTrcNT.dll [x]
2 EhttpSrv; C:\Windows\System32\CTEAPSFX.DLL.dll [x]
2 eliservice; C:\Windows\System32\backupexecagentaccelerator.dll [x]
2 ELmou; C:\Windows\System32\spkrmon.dll [x]
2 fcprintservice; C:\Windows\System32\axsnmsvc.dll [x]
2 fetnd5bv; C:\Windows\System32\rimmptsk.dll [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 GTF32BUS; C:\Windows\System32\rxfilter.dll [x]
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [x]
2 hmonitor; C:\Windows\System32\tmxpflt.dll [x]
2 HssSrv; C:\Windows\System32\PQNTDrv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 incdfs; C:\Windows\System32\zebrceb.dll [x]
2 IntelC51; C:\Windows\System32\tosporte.dll [x]
2 iteatapi; C:\Windows\System32\areschatserver.dll [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
2 L8042mou; C:\Windows\System32\zfdwm.dll [x]
2 ldlcserv; C:\Windows\System32\ATKFUSService.dll [x]
2 LMS; C:\Windows\System32\psdvdisk.dll [x]
2 LUsbFilt; C:\Windows\System32\usbohci.dll [x]
2 LVBulk; C:\Windows\System32\MKEMUSB.dll [x]
2 lvpr2mon; C:\Windows\System32\symlcbrd.dll [x]
2 lvusbsta; C:\Windows\System32\w550bus.dll [x]
2 lxdm_device; C:\Windows\System32\tosrfnds.dll [x]
2 lxrjd31d; C:\Windows\System32\toshidpt.dll [x]
2 mrpostman; C:\Windows\System32\wanminiportservice.dll [x]
2 mssqlserver; C:\Windows\System32\roxupnpserver.dll [x]
2 NEOFLTR_600_13319; C:\Windows\System32\atalk.dll [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 NICM; C:\Windows\System32\licensemanagersocket.dll [x]
2 nmraapache; C:\Windows\System32\alcxsens.dll [x]
2 nvstor32; C:\Windows\System32\EMATCORE.dll [x]
2 nwdls; C:\Windows\System32\richvideo.dll [x]
2 pdlncbas; C:\Windows\System32\CSDriver.dll [x]
2 pdlndldl; C:\Windows\System32\ssoftservice.dll [x]
3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [x]
2 rt61; C:\Windows\System32\RimSerPort.dll [x]
2 rwbackupsrv; C:\Windows\System32\M2500.dll [x]
2 s217mgmt; C:\Windows\System32\SrvcEPIOMngr.dll [x]
2 SABProcEnum; C:\Windows\System32\snapman380.dll [x]
2 slssvc; C:\Windows\System32\ati2mtaa.dll [x]
2 snac; C:\Windows\System32\z525mdm.dll [x]
2 sonicatheaterinstallerservice; C:\Windows\System32\ELmon.dll [x]
2 ssm_mdm; C:\Windows\System32\ibmsmbus.dll [x]
2 SWNC8U51; C:\Windows\System32\mediamaxxlservice.dll [x]
2 sysplant; C:\Windows\System32\eaps2kbd.dll [x]
2 tapvpn; C:\Windows\System32\fireport.dll [x]
2 tfsncofs; C:\Windows\System32\dot4scan.dll [x]
2 USB11LDR; C:\Windows\System32\s117mdm.dll [x]
2 VAIOMediaPlatform-MusicServer-UPnP; C:\Windows\System32\epsonstatusagent2.dll [x]
2 vds; C:\Windows\System32\MREMP50a64.dll [x]
2 vetefile; C:\Windows\System32\adminserver.dll [x]
2 vmm; C:\Windows\System32\NVR0Dev.dll [x]
2 w550mdm; C:\Windows\System32\datasvr.dll [x]
2 w810bus; C:\Windows\System32\thinkpadmodemservice.dll [x]
2 wacomvhid; C:\Windows\System32\Maplom.dll [x]
2 webrootcommagentservice; C:\Windows\System32\CTEAPSFX.DLL.dll [x]
2 winvnc4; C:\Windows\System32\dwmrcs.dll [x]
2 zd1211u(zydas); C:\Windows\System32\crystalinputfileserver.dll [x]

========================== Drivers (Whitelisted) =============

2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2012-03-05] (Cisco Systems, Inc.)
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [729600 2004-05-26] (ATI Technologies Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [186112 2004-04-29] (Broadcom Corporation)
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [264576 2007-07-19] (Realtek Semiconductor Corporation )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 WLNdis50; C:\Windows\System32\DRIVERS\wlndis50.sys [20480 2008-02-27] ()
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\DOCUME~1\BRENT&~1\LOCALS~1\Temp\catchme.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
3 TlntSvr; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: mssqlserver -> C:\Windows\system32\roxupnpserver.dll ==> No File.
NETSVC: sonicatheaterinstallerservice -> C:\Windows\system32\ELmon.dll ==> No File.
NETSVC: USB11LDR -> C:\Windows\system32\s117mdm.dll ==> No File.
NETSVC: SABProcEnum -> C:\Windows\system32\snapman380.dll ==> No File.
NETSVC: wacomvhid -> C:\Windows\system32\Maplom.dll ==> No File.
NETSVC: iteatapi -> C:\Windows\system32\areschatserver.dll ==> No File.
NETSVC: caccprovsp -> C:\Windows\system32\rkhdrv31.dll ==> No File.
NETSVC: incdfs -> C:\Windows\system32\zebrceb.dll ==> No File.
NETSVC: sysplant -> C:\Windows\system32\eaps2kbd.dll ==> No File.
NETSVC: LUsbFilt -> C:\Windows\system32\usbohci.dll ==> No File.
NETSVC: VAIOMediaPlatform-MusicServer-UPnP -> C:\Windows\system32\epsonstatusagent2.dll ==> No File.
NETSVC: vetefile -> C:\Windows\system32\adminserver.dll ==> No File.
NETSVC: dvd_2K -> C:\Windows\system32\ialm.dll ==> No File.
NETSVC: HssSrv -> C:\Windows\system32\PQNTDrv.dll ==> No File.
NETSVC: cmdagent -> C:\Windows\system32\deckzpsx.dll ==> No File.
NETSVC: DynDNS_Updater_Service -> C:\Windows\system32\NsTrcNT.dll ==> No File.
NETSVC: nwdls -> C:\Windows\system32\richvideo.dll ==> No File.
NETSVC: dbmang -> C:\Windows\system32\nvport.dll ==> No File.
NETSVC: GTF32BUS -> C:\Windows\system32\rxfilter.dll ==> No File.
NETSVC: w810bus -> C:\Windows\system32\thinkpadmodemservice.dll ==> No File.
NETSVC: zd1211u(zydas) -> C:\Windows\system32\crystalinputfileserver.dll ==> No File.
NETSVC: rchost -> No Registry Path.
NETSVC: mcdbus -> No Registry Path.
NETSVC: asuskeyboardservice -> C:\Windows\system32\ghaio.dll ==> No File.
NETSVC: dtsrvc -> C:\Windows\system32\vpcbus.dll ==> No File.
NETSVC: rwbackupsrv -> C:\Windows\system32\M2500.dll ==> No File.
NETSVC: LMS -> C:\Windows\system32\psdvdisk.dll ==> No File.
NETSVC: lvpr2mon -> C:\Windows\system32\symlcbrd.dll ==> No File.
NETSVC: crcdisk -> C:\Windows\system32\ivscheduler.dll ==> No File.
NETSVC: lxrjd31d -> C:\Windows\system32\toshidpt.dll ==> No File.
NETSVC: pdlndldl -> C:\Windows\system32\ssoftservice.dll ==> No File.
NETSVC: avupdsvc -> C:\Windows\system32\dmprimer.dll ==> No File.
NETSVC: nmraapache -> C:\Windows\system32\alcxsens.dll ==> No File.
NETSVC: L8042mou -> C:\Windows\system32\zfdwm.dll ==> No File.
NETSVC: SECYPUSB -> No Registry Path.
NETSVC: 2wirepcp -> C:\Windows\system32\PCASp50.dll ==> No File.
NETSVC: rt61 -> C:\Windows\system32\RimSerPort.dll ==> No File.
NETSVC: NICM -> C:\Windows\system32\licensemanagersocket.dll ==> No File.
NETSVC: dlaudfam -> C:\Windows\system32\as32svc.dll ==> No File.
NETSVC: pdlncbas -> C:\Windows\system32\CSDriver.dll ==> No File.
NETSVC: tfsncofs -> C:\Windows\system32\dot4scan.dll ==> No File.
NETSVC: fetnd5bv -> C:\Windows\system32\rimmptsk.dll ==> No File.
NETSVC: lvusbsta -> C:\Windows\system32\w550bus.dll ==> No File.
NETSVC: tapvpn -> C:\Windows\system32\fireport.dll ==> No File.
NETSVC: EhttpSrv -> C:\Windows\system32\CTEAPSFX.DLL.dll ==> No File.
NETSVC: AppnBase -> C:\Windows\system32\cdvp.dll ==> No File.
NETSVC: LVBulk -> C:\Windows\system32\MKEMUSB.dll ==> No File.
NETSVC: oracle_load_balancer_60_server-forms6ip14 -> No Registry Path.
NETSVC: IntelC51 -> C:\Windows\system32\tosporte.dll ==> No File.
NETSVC: ssm_mdm -> C:\Windows\system32\ibmsmbus.dll ==> No File.
NETSVC: fcprintservice -> C:\Windows\system32\axsnmsvc.dll ==> No File.
NETSVC: ELmou -> C:\Windows\system32\spkrmon.dll ==> No File.
NETSVC: mrpostman -> C:\Windows\system32\wanminiportservice.dll ==> No File.
NETSVC: SWNC8U51 -> C:\Windows\system32\mediamaxxlservice.dll ==> No File.
NETSVC: slssvc -> C:\Windows\system32\ati2mtaa.dll ==> No File.
NETSVC: blueletscoaudio -> C:\Windows\system32\id2scaps.dll ==> No File.
NETSVC: hmonitor -> C:\Windows\system32\tmxpflt.dll ==> No File.
NETSVC: ldlcserv -> C:\Windows\system32\ATKFUSService.dll ==> No File.
NETSVC: snac -> C:\Windows\system32\z525mdm.dll ==> No File.
NETSVC: nvstor32 -> C:\Windows\system32\EMATCORE.dll ==> No File.
NETSVC: webrootcommagentservice -> C:\Windows\system32\CTEAPSFX.DLL.dll ==> No File.
NETSVC: eliservice -> C:\Windows\system32\backupexecagentaccelerator.dll ==> No File.
NETSVC: compbatt -> C:\Windows\system32\DCamUSBSQTECH.dll ==> No File.
NETSVC: NEOFLTR_600_13319 -> C:\Windows\system32\atalk.dll ==> No File.
NETSVC: COMMONFX.DLL -> C:\Windows\system32\UCTblHid.dll ==> No File.
NETSVC: w550mdm -> C:\Windows\system32\datasvr.dll ==> No File.
NETSVC: dpfusmgr -> C:\Windows\system32\windrvNT.dll ==> No File.
NETSVC: s217mgmt -> C:\Windows\system32\SrvcEPIOMngr.dll ==> No File.
NETSVC: winvnc4 -> C:\Windows\system32\dwmrcs.dll ==> No File.

============ One Month Created Files and Folders ==============

2012-06-12 16:19 - 2012-06-12 16:19 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\ImgBurn
2012-06-12 16:09 - 2012-06-12 16:09 - 00001528 ____A C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2012-06-12 16:09 - 2012-06-12 16:09 - 00000000 ____D C:\Program Files\ImgBurn
2012-06-12 15:52 - 2012-06-12 17:34 - 00044589 ____A C:\Windows\setupapi.log
2012-06-12 15:42 - 2012-06-12 15:42 - 00000000 ____D C:\Program Files\Windows Resource Kits
2012-06-12 15:28 - 2012-06-12 15:30 - 00000000 ____D C:\dellxpcd
2012-06-12 15:14 - 2012-06-12 15:14 - 00001241 ____A C:\Documents and Settings\All Users\Desktop\UBCD4Win.lnk
2012-06-12 15:11 - 2012-06-12 15:59 - 00000000 ____D C:\UBCD4Win
2012-06-12 15:09 - 2012-06-12 15:09 - 282427301 ____A (UBCD4Win Team - Benjamin Burrows ) C:\Documents and Settings\Brent & Sharon\Desktop\UBCD4WinV360.exe
2012-06-12 14:00 - 2012-06-12 14:00 - 00000000 ____D C:\FRST
2012-06-12 02:15 - 2012-06-12 02:15 - 00001864 ____A C:\Documents and Settings\Brent & Sharon\Desktop\aswMBR.txt
2012-06-12 02:15 - 2012-06-12 02:15 - 00000512 ____A C:\Documents and Settings\Brent & Sharon\Desktop\MBR.dat
2012-06-12 01:54 - 2012-06-12 01:54 - 04731392 ____A (AVAST Software) C:\Documents and Settings\Brent & Sharon\Desktop\aswMBR.exe
2012-06-12 00:27 - 2012-06-12 00:32 - 00169926 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_20.27.41_log.txt
2012-06-12 00:13 - 2012-06-12 00:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-12 00:12 - 2012-06-12 00:14 - 00090064 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_20.12.06_log.txt
2012-06-12 00:11 - 2012-06-12 00:11 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Brent & Sharon\Desktop\tdsskiller.exe
2012-06-11 21:03 - 2012-06-11 21:03 - 00010801 ____A C:\Documents and Settings\Brent & Sharon\Desktop\ark.txt
2012-06-11 20:22 - 2012-06-11 20:22 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Desktop\gmer
2012-06-11 20:21 - 2012-06-11 20:21 - 00294216 ____A C:\Documents and Settings\Brent & Sharon\Desktop\gmer.zip
2012-06-11 20:14 - 2012-06-11 20:14 - 00050477 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Defogger.exe
2012-06-11 18:47 - 2012-06-11 18:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2686509$
2012-06-11 18:47 - 2012-06-11 18:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2659262$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2718704$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2695962$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2676562$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2653956$
2012-06-11 18:08 - 2012-06-11 18:24 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\NPE
2012-06-11 18:08 - 2012-06-11 18:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2012-06-11 17:25 - 2012-06-11 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SecTaskMan
2012-06-11 14:06 - 2012-06-11 13:49 - 00017036 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Oakley Script.jpg
2012-06-11 13:38 - 2012-06-11 13:38 - 00034764 ____A C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\dt.dat
2012-06-09 17:42 - 2012-06-09 17:42 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-06-09 17:41 - 2012-06-09 17:45 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-06-09 17:41 - 2012-06-09 17:41 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-06-09 17:41 - 2012-05-26 13:45 - 00000000 __SHD C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2012-06-09 17:41 - 2012-03-05 22:42 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2012-06-09 17:41 - 2012-03-05 19:20 - 00000000 __SHD C:\Documents and Settings\Administrator\Local Settings\History
2012-06-09 17:41 - 2012-03-05 19:18 - 00000000 ___HD C:\Documents and Settings\Administrator\Templates
2012-06-09 17:41 - 2012-03-05 14:05 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu
2012-06-09 17:41 - 2012-03-05 14:05 - 00000000 ___HD C:\Documents and Settings\Administrator\PrintHood
2012-06-09 17:41 - 2012-03-05 14:05 - 00000000 ___HD C:\Documents and Settings\Administrator\NetHood
2012-06-09 17:41 - 2012-03-05 14:05 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents
2012-06-09 17:37 - 2012-06-09 17:37 - 01266056 ____A (Microsoft Corporation) C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-06-09 17:37 - 2012-06-09 17:37 - 00003038 ____A C:\fix_svchost.bat
2012-06-09 17:36 - 2012-06-09 17:36 - 06216032 ____A (Microsoft Corporation) C:\windowsupdateagent30-x86.exe
2012-06-09 17:26 - 2012-06-09 17:26 - 00000000 ____D C:\Windows\pss
2012-06-07 23:01 - 2012-06-11 20:15 - 00000490 ____A C:\Documents and Settings\Brent & Sharon\Desktop\defogger_disable.log
2012-06-07 23:01 - 2012-06-07 23:01 - 00000000 ____A C:\Documents and Settings\Brent & Sharon\defogger_reenable
2012-06-05 15:55 - 2012-06-05 20:53 - 00002465 ____A C:\Documents and Settings\Brent & Sharon\Desktop\HiJackThis.lnk
2012-06-05 15:55 - 2012-06-05 15:55 - 00000000 ____D C:\Program Files\Trend Micro
2012-06-05 14:05 - 2012-06-05 14:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2012-06-05 13:56 - 2012-06-05 14:04 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\IObit
2012-06-05 13:56 - 2012-06-05 13:56 - 00000925 ____A C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
2012-06-05 13:56 - 2012-06-05 13:56 - 00000874 ____A C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
2012-06-05 13:56 - 2012-06-05 13:56 - 00000000 ____D C:\Program Files\IObit
2012-06-01 21:26 - 2012-06-01 21:26 - 00013832 ____A C:\ComboFix.txt
2012-05-30 20:23 - 2012-05-30 20:23 - 00634613 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Bike.JPG
2012-05-30 20:23 - 2012-05-30 20:23 - 00569215 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Stroller.JPG
2012-05-28 12:10 - 2012-06-08 17:00 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-05-28 12:10 - 2012-05-28 12:10 - 00001409 ____A C:\Windows\QTFont.for
2012-05-28 00:45 - 2012-05-28 00:45 - 00112914 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Combo Fix log 5272012.txt
2012-05-26 13:17 - 2010-11-07 17:20 - 00208896 ____A C:\Windows\MBR.exe
2012-05-26 13:17 - 2009-04-20 04:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-26 13:17 - 2000-08-31 00:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-26 13:17 - 2000-08-31 00:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-05-26 13:17 - 2000-08-31 00:00 - 00098816 ____A C:\Windows\sed.exe
2012-05-26 13:17 - 2000-08-31 00:00 - 00080412 ____A C:\Windows\grep.exe
2012-05-26 13:17 - 2000-08-31 00:00 - 00068096 ____A C:\Windows\zip.exe
2012-05-25 14:25 - 2012-06-12 17:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-25 14:25 - 2012-05-25 14:29 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-21 15:36 - 2012-05-21 15:36 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Sun
2012-05-18 07:13 - 2012-05-18 07:15 - 00000000 ____D C:\b496031748e97c47a6786b0700
2012-05-17 14:18 - 2012-05-17 14:18 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\PCHealth

============ 3 Months Modified Files and Folders ===============

2012-06-12 17:50 - 2012-03-05 21:55 - 01768928 ____A C:\Windows\WindowsUpdate.log
2012-06-12 17:50 - 2012-03-05 19:25 - 00032218 ____A C:\Windows\SchedLgU.Txt
2012-06-12 17:50 - 2012-03-05 19:21 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-12 17:50 - 2012-03-05 14:06 - 00000274 ____A C:\Windows\wiadebug.log
2012-06-12 17:50 - 2012-03-05 14:06 - 00000049 ____A C:\Windows\wiaservc.log
2012-06-12 17:46 - 2012-03-05 19:25 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-06-12 17:46 - 2012-03-05 19:25 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-06-12 17:45 - 2012-03-05 19:26 - 00000178 __ASH C:\Documents and Settings\Brent & Sharon\ntuser.ini
2012-06-12 17:34 - 2012-06-12 15:52 - 00044589 ____A C:\Windows\setupapi.log
2012-06-12 17:29 - 2012-05-25 14:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-12 17:16 - 2012-03-06 17:06 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-12 16:19 - 2012-06-12 16:19 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\ImgBurn
2012-06-12 16:09 - 2012-06-12 16:09 - 00001528 ____A C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2012-06-12 16:09 - 2012-06-12 16:09 - 00000000 ____D C:\Program Files\ImgBurn
2012-06-12 15:59 - 2012-06-12 15:11 - 00000000 ____D C:\UBCD4Win
2012-06-12 15:42 - 2012-06-12 15:42 - 00000000 ____D C:\Program Files\Windows Resource Kits
2012-06-12 15:42 - 2012-03-06 01:27 - 00000000 ____D C:\Config.Msi
2012-06-12 15:30 - 2012-06-12 15:28 - 00000000 ____D C:\dellxpcd
2012-06-12 15:14 - 2012-06-12 15:14 - 00001241 ____A C:\Documents and Settings\All Users\Desktop\UBCD4Win.lnk
2012-06-12 15:10 - 2012-03-06 17:13 - 00000000 ____D C:\Program Files\Microsoft Money Plus
2012-06-12 15:10 - 2012-03-06 16:53 - 00000000 ____D C:\Program Files\Microsoft Money
2012-06-12 15:09 - 2012-06-12 15:09 - 282427301 ____A (UBCD4Win Team - Benjamin Burrows ) C:\Documents and Settings\Brent & Sharon\Desktop\UBCD4WinV360.exe
2012-06-12 14:35 - 2012-03-06 00:45 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-12 14:35 - 2012-03-06 00:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2012-06-12 14:29 - 2012-03-06 17:06 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-12 14:29 - 2012-03-06 01:41 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\ApplicationHistory
2012-06-12 14:29 - 2012-03-05 19:26 - 00000062 __ASH C:\Documents and Settings\Brent & Sharon\Local Settings\desktop.ini
2012-06-12 14:00 - 2012-06-12 14:00 - 00000000 ____D C:\FRST
2012-06-12 02:15 - 2012-06-12 02:15 - 00001864 ____A C:\Documents and Settings\Brent & Sharon\Desktop\aswMBR.txt
2012-06-12 02:15 - 2012-06-12 02:15 - 00000512 ____A C:\Documents and Settings\Brent & Sharon\Desktop\MBR.dat
2012-06-12 01:54 - 2012-06-12 01:54 - 04731392 ____A (AVAST Software) C:\Documents and Settings\Brent & Sharon\Desktop\aswMBR.exe
2012-06-12 00:32 - 2012-06-12 00:27 - 00169926 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_20.27.41_log.txt
2012-06-12 00:14 - 2012-06-12 00:12 - 00090064 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_20.12.06_log.txt
2012-06-12 00:14 - 2012-03-06 04:12 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-06-12 00:13 - 2012-06-12 00:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-12 00:11 - 2012-06-12 00:11 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Brent & Sharon\Desktop\tdsskiller.exe
2012-06-11 21:03 - 2012-06-11 21:03 - 00010801 ____A C:\Documents and Settings\Brent & Sharon\Desktop\ark.txt
2012-06-11 20:22 - 2012-06-11 20:22 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Desktop\gmer
2012-06-11 20:21 - 2012-06-11 20:21 - 00294216 ____A C:\Documents and Settings\Brent & Sharon\Desktop\gmer.zip
2012-06-11 20:15 - 2012-06-07 23:01 - 00000490 ____A C:\Documents and Settings\Brent & Sharon\Desktop\defogger_disable.log
2012-06-11 20:14 - 2012-06-11 20:14 - 00050477 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Defogger.exe
2012-06-11 18:56 - 2012-03-05 14:04 - 00122928 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-11 18:47 - 2012-06-11 18:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2686509$
2012-06-11 18:47 - 2012-06-11 18:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2659262$
2012-06-11 18:47 - 2012-03-06 02:23 - 00000000 ____D C:\Windows\ie8updates
2012-06-11 18:47 - 2012-03-05 23:17 - 00000000 ___HD C:\Windows\$hf_mig$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2718704$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2695962$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2676562$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2653956$
2012-06-11 18:25 - 2012-06-11 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SecTaskMan
2012-06-11 18:24 - 2012-06-11 18:08 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\NPE
2012-06-11 18:18 - 2012-03-05 14:03 - 00000327 _RASH C:\boot.ini
2012-06-11 18:08 - 2012-06-11 18:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2012-06-11 17:04 - 2012-03-06 15:07 - 00000000 __HDC C:\Windows\$NtUninstallKB961501_0$
2012-06-11 14:08 - 2012-03-06 00:45 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
2012-06-11 13:49 - 2012-06-11 14:06 - 00017036 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Oakley Script.jpg
2012-06-11 13:38 - 2012-06-11 13:38 - 00034764 ____A C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\dt.dat
2012-06-09 17:45 - 2012-06-09 17:41 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-06-09 17:43 - 2012-03-05 19:21 - 00023392 ____A C:\Windows\System32\nscompat.tlb
2012-06-09 17:43 - 2012-03-05 19:21 - 00016832 ____A C:\Windows\System32\amcompat.tlb
2012-06-09 17:42 - 2012-06-09 17:42 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-06-09 17:41 - 2012-06-09 17:41 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-06-09 17:37 - 2012-06-09 17:37 - 01266056 ____A (Microsoft Corporation) C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-06-09 17:37 - 2012-06-09 17:37 - 00003038 ____A C:\fix_svchost.bat
2012-06-09 17:36 - 2012-06-09 17:36 - 06216032 ____A (Microsoft Corporation) C:\windowsupdateagent30-x86.exe
2012-06-09 17:26 - 2012-06-09 17:26 - 00000000 ____D C:\Windows\pss
2012-06-08 17:52 - 2003-07-16 20:53 - 00002300 ____A C:\Windows\System32\wpa.dbl
2012-06-08 17:33 - 2012-03-30 15:37 - 00000133 ____A C:\DeletePrintJobs.cmd
2012-06-08 17:00 - 2012-05-28 12:10 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-06-07 23:01 - 2012-06-07 23:01 - 00000000 ____A C:\Documents and Settings\Brent & Sharon\defogger_reenable
2012-06-06 20:52 - 2012-03-05 14:05 - 00000000 ___HD C:\Documents and Settings\All Users\Templates
2012-06-05 22:50 - 2012-04-12 00:41 - 00000000 ___HD C:\$AVG
2012-06-05 20:53 - 2012-06-05 15:55 - 00002465 ____A C:\Documents and Settings\Brent & Sharon\Desktop\HiJackThis.lnk
2012-06-05 15:55 - 2012-06-05 15:55 - 00000000 ____D C:\Program Files\Trend Micro
2012-06-05 14:19 - 2012-03-19 22:24 - 00000000 ____D C:\Windows\Minidump
2012-06-05 14:18 - 2012-03-05 19:26 - 00000000 ___RD C:\Documents and Settings\Brent & Sharon\My Documents\My Pictures
2012-06-05 14:05 - 2012-06-05 14:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2012-06-05 14:05 - 2012-03-05 19:26 - 00000000 ___RD C:\Documents and Settings\Brent & Sharon\Start Menu
2012-06-05 14:05 - 2012-03-05 19:26 - 00000000 ___HD C:\Documents and Settings\Brent & Sharon\Templates
2012-06-05 14:05 - 2012-03-05 14:05 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu
2012-06-05 14:04 - 2012-06-05 13:56 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\IObit
2012-06-05 13:56 - 2012-06-05 13:56 - 00000925 ____A C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
2012-06-05 13:56 - 2012-06-05 13:56 - 00000874 ____A C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
2012-06-05 13:56 - 2012-06-05 13:56 - 00000000 ____D C:\Program Files\IObit
2012-06-04 13:43 - 2012-03-05 19:26 - 00000000 ___HD C:\Documents and Settings\Brent & Sharon\NetHood
2012-06-01 21:26 - 2012-06-01 21:26 - 00013832 ____A C:\ComboFix.txt
2012-06-01 21:26 - 2012-04-27 13:48 - 00000000 ____D C:\Qoobox
2012-06-01 21:22 - 2003-07-16 20:47 - 00000227 ____A C:\Windows\system.ini
2012-06-01 20:32 - 2012-04-27 13:46 - 04534253 ____R (Swearware) C:\Documents and Settings\Brent & Sharon\Desktop\ComboFix.exe
2012-05-31 13:22 - 2011-09-28 07:06 - 00599040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\crypt32.dll
2012-05-31 13:22 - 2004-08-04 10:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-05-30 20:23 - 2012-05-30 20:23 - 00634613 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Bike.JPG
2012-05-30 20:23 - 2012-05-30 20:23 - 00569215 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Stroller.JPG
2012-05-30 20:20 - 2012-04-26 00:34 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-28 23:40 - 2012-03-06 01:41 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\My Documents\My Albums
2012-05-28 12:10 - 2012-05-28 12:10 - 00001409 ____A C:\Windows\QTFont.for
2012-05-28 12:04 - 2012-03-10 19:45 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\My Documents\Avery Templates
2012-05-28 00:45 - 2012-05-28 00:45 - 00112914 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Combo Fix log 5272012.txt
2012-05-28 00:30 - 2003-07-16 20:29 - 00000027 ____N C:\Windows\System32\Drivers\etc\hosts
2012-05-26 13:45 - 2012-06-09 17:41 - 00000000 __SHD C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2012-05-26 13:45 - 2012-03-05 14:05 - 00000000 __SHD C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
2012-05-25 14:29 - 2012-05-25 14:25 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-25 14:29 - 2012-03-06 04:10 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-22 11:34 - 2004-08-04 10:00 - 00000000 __SHD C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576}
2012-05-21 20:03 - 2012-04-20 01:02 - 00000000 ____D C:\Windows\System32\%APPDATA%
2012-05-21 20:01 - 2012-03-06 03:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-05-21 20:00 - 2012-03-06 16:38 - 00000000 __HDC C:\Windows\$NtUninstallKB978706$
2012-05-21 20:00 - 2012-03-06 04:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-21 16:30 - 2012-03-06 01:32 - 00000000 ____D C:\Windows\Microsoft.NET
2012-05-21 15:36 - 2012-05-21 15:36 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Sun
2012-05-21 14:49 - 2012-03-07 02:23 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\My Documents\My Scans
2012-05-18 14:02 - 2012-03-24 07:05 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-05-18 13:51 - 2012-03-06 02:20 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-18 13:48 - 2012-03-05 14:05 - 00581146 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-18 07:15 - 2012-05-18 07:13 - 00000000 ____D C:\b496031748e97c47a6786b0700
2012-05-17 14:18 - 2012-05-17 14:18 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\PCHealth
2012-05-16 11:52 - 2012-03-06 16:38 - 00000000 __HDC C:\Windows\$NtUninstallKB978542$
2012-04-27 14:53 - 2012-04-27 13:49 - 00000000 ____D C:\Windows\ERDNT
2012-04-27 14:45 - 2012-03-05 19:26 - 00000000 __SHD C:\Documents and Settings\Brent & Sharon\Local Settings\Temporary Internet Files
2012-04-27 14:43 - 2012-04-27 14:11 - 00008192 ___AH C:\Windows\System32\config\security.tmp.LOG
2012-04-27 14:43 - 2012-03-05 14:04 - 00049152 ____A C:\Windows\System32\config\security.bak
2012-04-27 14:43 - 2012-03-05 14:04 - 00024576 ____A C:\Windows\System32\config\sam.bak
2012-04-27 14:43 - 2012-03-05 14:03 - 30470144 ____A C:\Windows\System32\config\software.bak
2012-04-27 14:43 - 2012-03-05 14:03 - 06291456 ____A C:\Windows\System32\config\system.bak
2012-04-27 14:43 - 2012-03-05 14:03 - 00487424 ____A C:\Windows\System32\config\default.bak
2012-04-27 14:11 - 2012-04-27 14:11 - 00000000 ___AH C:\Windows\System32\config\sam.tmp.LOG
2012-04-27 14:11 - 2012-03-05 17:40 - 00008192 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-04-27 13:55 - 2012-04-27 13:55 - 00000000 RASHD C:\cmdcons
2012-04-27 13:46 - 2012-04-27 13:46 - 00000000 ___RD C:\Documents and Settings\Brent & Sharon\My Documents\My Videos
2012-04-27 13:46 - 2012-04-27 13:46 - 00000000 ___RD C:\Documents and Settings\All Users\Documents\My Videos
2012-04-27 13:46 - 2012-03-05 19:26 - 00000000 ___RD C:\Documents and Settings\Brent & Sharon\My Documents
2012-04-27 00:53 - 2012-03-08 14:41 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-04-26 20:28 - 2012-03-06 00:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2012
2012-04-26 00:35 - 2012-04-26 00:35 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\SUPERAntiSpyware.com
2012-04-26 00:34 - 2012-04-26 00:34 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-04-26 00:34 - 2012-04-26 00:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-26 00:21 - 2012-04-25 14:32 - 00000000 ____D C:\Program Files\PC Tools
2012-04-26 00:21 - 2012-04-25 14:25 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-04-26 00:18 - 2012-04-25 14:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Tools
2012-04-25 15:12 - 2012-04-25 15:12 - 00127687 ____A C:\Documents and Settings\Brent & Sharon\My Documents\Spy Doctor Scan.htm
2012-04-25 14:53 - 2012-04-25 14:53 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\Threat Expert
2012-04-25 14:27 - 2012-04-25 14:26 - 00586105 ____A C:\Windows\System32\Drivers\Cat.DB
2012-04-25 14:24 - 2012-04-25 14:24 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\TestApp
2012-04-25 13:59 - 2012-03-06 03:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-04-20 13:00 - 2012-03-07 08:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2296011$
2012-04-20 02:21 - 2012-04-20 02:21 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2012-04-20 02:20 - 2012-04-20 02:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2012-04-20 02:20 - 2012-04-20 02:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2012-04-20 01:35 - 2012-03-18 22:33 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Desktop\Scans_3-15-2012
2012-04-19 20:24 - 2012-03-06 03:15 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-19 20:24 - 2012-03-06 03:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-19 08:50 - 2012-04-19 08:50 - 00024896 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidshx.sys
2012-04-18 11:54 - 2012-04-18 11:50 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2012-04-18 11:33 - 2012-03-06 00:01 - 00019632 ____A C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-04-17 23:16 - 2012-04-17 23:16 - 00001682 ____A C:\Documents and Settings\All Users\Desktop\H&R Block 2011.lnk
2012-04-17 23:15 - 2012-04-17 23:15 - 00000000 ____D C:\Program Files\PDF995
2012-04-17 23:15 - 2012-04-17 23:15 - 00000000 ____D C:\Program Files\HRBlock2011
2012-04-17 23:15 - 2012-04-17 23:15 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\My Documents\HRBlock
2012-04-17 23:08 - 2012-04-17 23:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TaxCut
2012-04-17 22:56 - 2012-04-17 22:56 - 32934824 ____A (HRB Technology, LLC. ) C:\Documents and Settings\Brent & Sharon\Desktop\HRB_At_Home_2011DES_D.exe
2012-04-11 13:14 - 2012-03-06 01:57 - 02148352 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2012-04-11 13:12 - 2010-05-02 05:22 - 01862272 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2012-04-11 13:12 - 2004-08-04 10:00 - 01862272 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-11 13:10 - 2012-03-06 01:57 - 02192640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
2012-04-11 13:10 - 2005-03-30 01:23 - 02192640 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 12:35 - 2012-03-06 01:57 - 02026496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
2012-04-11 12:35 - 2009-02-08 00:02 - 02069120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
2012-04-11 12:35 - 2005-03-30 01:01 - 02069120 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-04 19:56 - 2012-03-06 03:15 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 21:02 - 2012-04-03 21:02 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-04-03 21:02 - 2012-04-03 21:02 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-03-25 07:14 - 2012-03-25 07:14 - 00000000 __HDC C:\Windows\$NtUninstallKB961118$
2012-03-24 07:05 - 2012-03-24 07:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-03-24 07:05 - 2012-03-24 07:05 - 00000000 ____D C:\Program Files\MSBuild
2012-03-24 07:05 - 2012-03-24 07:04 - 00000000 ____D C:\f53e7bb1d536157ee8866a6979fa
2012-03-24 07:05 - 2012-03-05 14:00 - 00000000 ____D C:\Windows\System32\spool
2012-03-24 07:02 - 2012-03-05 19:19 - 00000000 ____D C:\Windows\PCHealth
2012-03-23 11:46 - 2012-03-06 17:05 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\Google
2012-03-22 19:12 - 2012-03-22 19:12 - 04435968 ____A (Google Inc.) C:\Windows\System32\GPhotos.scr
2012-03-21 21:32 - 2012-03-21 21:32 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
2012-03-21 21:32 - 2012-03-20 20:21 - 00000000 ____D C:\Program Files\iTunes
2012-03-21 21:31 - 2012-03-21 15:43 - 00065536 ____A C:\Windows\System32\config\OAlerts.evt
2012-03-21 21:23 - 2012-03-21 21:23 - 00001542 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2012-03-21 21:23 - 2012-03-21 21:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-03-21 21:22 - 2012-03-21 21:22 - 00000000 ____D C:\Program Files\iPod
2012-03-21 21:14 - 2012-03-21 21:14 - 00000000 ____D C:\Program Files\Apple Software Update
2012-03-21 21:08 - 2012-03-21 21:08 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2012-03-21 21:07 - 2012-03-21 21:07 - 00000000 ____D C:\Program Files\Bonjour
2012-03-21 21:06 - 2012-03-20 20:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-03-21 20:52 - 2012-03-21 20:52 - 02617176 ____A (VS Revo Group Ltd.) C:\Documents and Settings\Brent & Sharon\My Documents\revosetup.exe
2012-03-21 20:52 - 2012-03-21 20:52 - 00000917 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Revo Uninstaller.lnk
2012-03-21 20:52 - 2012-03-21 20:52 - 00000000 ____D C:\Program Files\VS Revo Group
2012-03-21 20:43 - 2012-03-21 15:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-03-21 20:43 - 2012-03-05 14:05 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-21 20:42 - 2012-03-05 19:19 - 00000000 ____D C:\Program Files\Common Files\System
2012-03-21 20:42 - 2003-07-16 20:51 - 00000542 ____A C:\Windows\win.ini
2012-03-21 20:40 - 2012-03-19 23:21 - 00000000 ____D C:\Program Files\Microsoft.NET
2012-03-21 16:12 - 2012-03-21 16:11 - 987942848 ____A (Microsoft Corporation) C:\Documents and Settings\Brent & Sharon\Desktop\Office 2010 Download.exe
2012-03-21 15:34 - 2012-03-21 15:34 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\Microsoft Help
2012-03-20 20:23 - 2012-03-05 19:26 - 00000000 ___RD C:\Documents and Settings\Brent & Sharon\My Documents\My Music
2012-03-20 20:22 - 2012-03-20 20:22 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\Apple Computer
2012-03-20 20:22 - 2012-03-20 20:22 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\Apple Computer
2012-03-20 20:21 - 2012-03-20 20:20 - 00000000 ____D C:\Program Files\QuickTime
2012-03-20 20:21 - 2012-03-20 20:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2012-03-20 20:20 - 2012-03-20 20:20 - 00001604 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2012-03-20 20:19 - 2012-03-20 20:19 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\Apple
2012-03-20 20:14 - 2012-03-20 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2012-03-20 17:50 - 2012-04-25 14:25 - 00203088 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-03-19 23:08 - 2012-03-11 01:59 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\My Documents\My Downloads
2012-03-19 09:17 - 2011-07-11 06:14 - 00301248 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdix.sys
2012-03-18 22:35 - 2012-03-06 17:08 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2012-03-18 22:33 - 2012-03-18 22:33 - 00000655 ____A C:\autoAlbum.log
2012-03-15 20:15 - 2012-03-15 20:15 - 00000000 ____D C:\Windows\Sun
2012-03-15 07:02 - 2012-03-15 07:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2641653$
2012-03-15 07:01 - 2012-03-15 07:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2647518$
2012-03-15 07:01 - 2012-03-15 07:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2621440$

ZeroAccess:
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\@
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\L
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\U
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\L\00000004.@
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\L\1afb2d56
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\U\00000004.@
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\U\000000cb.@

ZeroAccess:
C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576}
C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576}\@
C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576}\L
C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-06-05 22:52 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP99

RP: -> 2012-06-05 22:48 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP98

RP: -> 2012-05-28 01:09 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP93

RP: -> 2012-05-21 14:18 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP90

RP: -> 2012-05-18 13:08 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP89

RP: -> 2012-05-18 07:08 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP88

RP: -> 2012-05-17 12:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP87

RP: -> 2012-05-15 14:53 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP86

RP: -> 2012-05-04 21:53 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP80

RP: -> 2012-05-03 21:13 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP79

RP: -> 2012-04-26 00:14 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP76

RP: -> 2012-04-25 13:44 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP75

RP: -> 2012-04-24 14:22 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP74

RP: -> 2012-04-17 10:39 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP72

RP: -> 2012-04-16 09:40 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP71

RP: -> 2012-04-15 08:41 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP70

RP: -> 2012-04-14 07:42 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP69

RP: -> 2012-04-13 07:38 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP68

RP: -> 2012-04-12 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP67

RP: -> 2012-04-08 15:25 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP63

RP: -> 2012-04-07 14:50 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP62

RP: -> 2012-04-06 00:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP61

RP: -> 2012-04-04 23:31 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP60

RP: -> 2012-04-03 16:11 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP59

RP: -> 2012-04-02 14:49 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP58

RP: -> 2012-04-01 12:43 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP57

RP: -> 2012-03-31 11:43 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP56

RP: -> 2012-03-30 11:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP55

RP: -> 2012-03-29 10:02 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP54

RP: -> 2012-03-28 09:02 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP53

RP: -> 2012-03-27 08:02 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP52

RP: -> 2012-03-26 07:58 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP51

RP: -> 2012-03-25 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP50

RP: -> 2012-03-24 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP49

RP: -> 2012-03-23 22:58 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP48

RP: -> 2012-03-22 21:58 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP47

RP: -> 2012-03-21 21:19 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP46

RP: -> 2012-03-21 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP42

RP: -> 2012-03-20 20:21 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP41

RP: -> 2012-03-20 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP40

RP: -> 2012-03-19 23:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP39

RP: -> 2012-03-19 22:56 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP38

RP: -> 2012-03-19 10:22 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP37

RP: -> 2012-03-18 09:22 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP36

RP: -> 2012-03-17 08:22 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP35

RP: -> 2012-03-16 07:22 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP34

RP: -> 2012-03-15 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP33

RP: -> 2012-03-14 17:08 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP32

RP: -> 2012-06-12 15:41 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP108

RP: -> 2012-06-11 18:44 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP107

RP: -> 2012-06-11 18:01 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP106

RP: -> 2012-06-11 17:58 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP105

RP: -> 2012-06-11 17:48 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP104

RP: -> 2012-06-11 17:44 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP103

RP: -> 2012-06-06 20:55 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP102

RP: -> 2012-06-06 20:49 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP101

RP: -> 2012-06-06 20:44 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP100


========================= Memory info ======================

Percentage of memory in use: 35%
Total physical RAM: 2046.09 MB
Available physical RAM: 1320.59 MB
Total Pagefile: 1875.7 MB
Available Pagefile: 1343.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.91 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.5 GB) (Free:0.5 GB) FAT
3 Drive c: () (Fixed) (Total:465.75 GB) (Free:444.61 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: () (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT32
6 Drive f: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
7 Drive x: (UBCD4Windows) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B

Partitions of Disk 0:
===============

The disk management services could not complete the operation.

======================================================================================================
======================= End Of Log ==========================

#10 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:45 AM

Posted 12 June 2012 - 02:13 PM

bmjoy,

Please download this file, and save it to your flashdrive:


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Boot your computer from the UBCD4Win, as we've done previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#11 bmjoy

bmjoy
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:06:45 AM

Posted 12 June 2012 - 02:57 PM

Jason,
Here is the newest log.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 12-06-2012
Ran by SYSTEM at 12-06-2012 15:54:10
Running from D:\
Microsoft Windows XP Service Pack 2 (X86) OS Language: Georgian
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [49152 2004-02-12] (Hewlett-Packard Company)
HKLM\...\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [241664 2004-05-12] (Hewlett-Packard Company)
HKLM\...\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-05-26] (ATI Technologies, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [282624 2007-04-27] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKU\Brent & Sharon\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-03-06] (Google Inc.)
HKU\Brent & Sharon\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905920 2012-05-30] (SUPERAntiSpyware.com)
HKU\Brent & Sharon\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Brent & Sharon\...\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKLM\...\InprocServer32: [Default-shell32] %SystemRoot%\system32\shdocvw.dll ATTENTION! ====> ZeroAccess
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\PROGRAMS\HP\Digital Imaging\bin\hpqtra08.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\PROGRAMS\HP\Digital Imaging\bin\hpqthb08.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\PROGRAMS\TRENDnet\TEW-424UB\WlanCU.exe (No File)

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-05-26] ()
2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 bcm43xx; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
2 mcdbus; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
2 oracle_load_balancer_60_server-forms6ip14; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
2 rchost; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
2 spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [61440 2003-08-28] ()
2 WLSVC; C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe [167936 2009-02-12] ()
2 2wirepcp; C:\Windows\System32\PCASp50.dll [x]
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
2 AppnBase; C:\Windows\System32\cdvp.dll [x]
2 asuskeyboardservice; C:\Windows\System32\ghaio.dll [x]
2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [x]
2 avupdsvc; C:\Windows\System32\dmprimer.dll [x]
2 blueletscoaudio; C:\Windows\System32\id2scaps.dll [x]
2 caccprovsp; C:\Windows\System32\rkhdrv31.dll [x]
2 cmdagent; C:\Windows\System32\deckzpsx.dll [x]
2 COMMONFX.DLL; C:\Windows\System32\UCTblHid.dll [x]
2 compbatt; C:\Windows\System32\DCamUSBSQTECH.dll [x]
2 crcdisk; C:\Windows\System32\ivscheduler.dll [x]
2 dbmang; C:\Windows\System32\nvport.dll [x]
2 dlaudfam; C:\Windows\System32\as32svc.dll [x]
2 dpfusmgr; C:\Windows\System32\windrvNT.dll [x]
2 dtsrvc; C:\Windows\System32\vpcbus.dll [x]
2 dvd_2K; C:\Windows\System32\ialm.dll [x]
2 DynDNS_Updater_Service; C:\Windows\System32\NsTrcNT.dll [x]
2 EhttpSrv; C:\Windows\System32\CTEAPSFX.DLL.dll [x]
2 eliservice; C:\Windows\System32\backupexecagentaccelerator.dll [x]
2 ELmou; C:\Windows\System32\spkrmon.dll [x]
2 fcprintservice; C:\Windows\System32\axsnmsvc.dll [x]
2 fetnd5bv; C:\Windows\System32\rimmptsk.dll [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 GTF32BUS; C:\Windows\System32\rxfilter.dll [x]
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [x]
2 hmonitor; C:\Windows\System32\tmxpflt.dll [x]
2 HssSrv; C:\Windows\System32\PQNTDrv.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 incdfs; C:\Windows\System32\zebrceb.dll [x]
2 IntelC51; C:\Windows\System32\tosporte.dll [x]
2 iteatapi; C:\Windows\System32\areschatserver.dll [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
2 L8042mou; C:\Windows\System32\zfdwm.dll [x]
2 ldlcserv; C:\Windows\System32\ATKFUSService.dll [x]
2 LMS; C:\Windows\System32\psdvdisk.dll [x]
2 LUsbFilt; C:\Windows\System32\usbohci.dll [x]
2 LVBulk; C:\Windows\System32\MKEMUSB.dll [x]
2 lvpr2mon; C:\Windows\System32\symlcbrd.dll [x]
2 lvusbsta; C:\Windows\System32\w550bus.dll [x]
2 lxdm_device; C:\Windows\System32\tosrfnds.dll [x]
2 lxrjd31d; C:\Windows\System32\toshidpt.dll [x]
2 mrpostman; C:\Windows\System32\wanminiportservice.dll [x]
2 mssqlserver; C:\Windows\System32\roxupnpserver.dll [x]
2 NEOFLTR_600_13319; C:\Windows\System32\atalk.dll [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 NICM; C:\Windows\System32\licensemanagersocket.dll [x]
2 nmraapache; C:\Windows\System32\alcxsens.dll [x]
2 nvstor32; C:\Windows\System32\EMATCORE.dll [x]
2 nwdls; C:\Windows\System32\richvideo.dll [x]
2 pdlncbas; C:\Windows\System32\CSDriver.dll [x]
2 pdlndldl; C:\Windows\System32\ssoftservice.dll [x]
3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [x]
2 rt61; C:\Windows\System32\RimSerPort.dll [x]
2 rwbackupsrv; C:\Windows\System32\M2500.dll [x]
2 s217mgmt; C:\Windows\System32\SrvcEPIOMngr.dll [x]
2 SABProcEnum; C:\Windows\System32\snapman380.dll [x]
2 slssvc; C:\Windows\System32\ati2mtaa.dll [x]
2 snac; C:\Windows\System32\z525mdm.dll [x]
2 sonicatheaterinstallerservice; C:\Windows\System32\ELmon.dll [x]
2 ssm_mdm; C:\Windows\System32\ibmsmbus.dll [x]
2 SWNC8U51; C:\Windows\System32\mediamaxxlservice.dll [x]
2 sysplant; C:\Windows\System32\eaps2kbd.dll [x]
2 tapvpn; C:\Windows\System32\fireport.dll [x]
2 tfsncofs; C:\Windows\System32\dot4scan.dll [x]
2 USB11LDR; C:\Windows\System32\s117mdm.dll [x]
2 VAIOMediaPlatform-MusicServer-UPnP; C:\Windows\System32\epsonstatusagent2.dll [x]
2 vds; C:\Windows\System32\MREMP50a64.dll [x]
2 vetefile; C:\Windows\System32\adminserver.dll [x]
2 vmm; C:\Windows\System32\NVR0Dev.dll [x]
2 w550mdm; C:\Windows\System32\datasvr.dll [x]
2 w810bus; C:\Windows\System32\thinkpadmodemservice.dll [x]
2 wacomvhid; C:\Windows\System32\Maplom.dll [x]
2 webrootcommagentservice; C:\Windows\System32\CTEAPSFX.DLL.dll [x]
2 winvnc4; C:\Windows\System32\dwmrcs.dll [x]
2 zd1211u(zydas); C:\Windows\System32\crystalinputfileserver.dll [x]

========================== Drivers (Whitelisted) =============

2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2012-03-05] (Cisco Systems, Inc.)
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [729600 2004-05-26] (ATI Technologies Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [186112 2004-04-29] (Broadcom Corporation)
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)
3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [264576 2007-07-19] (Realtek Semiconductor Corporation )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 WLNdis50; C:\Windows\System32\DRIVERS\wlndis50.sys [20480 2008-02-27] ()
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\DOCUME~1\BRENT&~1\LOCALS~1\Temp\catchme.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
3 TlntSvr; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: mssqlserver -> C:\Windows\system32\roxupnpserver.dll ==> No File.
NETSVC: sonicatheaterinstallerservice -> C:\Windows\system32\ELmon.dll ==> No File.
NETSVC: USB11LDR -> C:\Windows\system32\s117mdm.dll ==> No File.
NETSVC: SABProcEnum -> C:\Windows\system32\snapman380.dll ==> No File.
NETSVC: wacomvhid -> C:\Windows\system32\Maplom.dll ==> No File.
NETSVC: iteatapi -> C:\Windows\system32\areschatserver.dll ==> No File.
NETSVC: caccprovsp -> C:\Windows\system32\rkhdrv31.dll ==> No File.
NETSVC: incdfs -> C:\Windows\system32\zebrceb.dll ==> No File.
NETSVC: sysplant -> C:\Windows\system32\eaps2kbd.dll ==> No File.
NETSVC: LUsbFilt -> C:\Windows\system32\usbohci.dll ==> No File.
NETSVC: VAIOMediaPlatform-MusicServer-UPnP -> C:\Windows\system32\epsonstatusagent2.dll ==> No File.
NETSVC: vetefile -> C:\Windows\system32\adminserver.dll ==> No File.
NETSVC: dvd_2K -> C:\Windows\system32\ialm.dll ==> No File.
NETSVC: HssSrv -> C:\Windows\system32\PQNTDrv.dll ==> No File.
NETSVC: cmdagent -> C:\Windows\system32\deckzpsx.dll ==> No File.
NETSVC: DynDNS_Updater_Service -> C:\Windows\system32\NsTrcNT.dll ==> No File.
NETSVC: nwdls -> C:\Windows\system32\richvideo.dll ==> No File.
NETSVC: dbmang -> C:\Windows\system32\nvport.dll ==> No File.
NETSVC: GTF32BUS -> C:\Windows\system32\rxfilter.dll ==> No File.
NETSVC: w810bus -> C:\Windows\system32\thinkpadmodemservice.dll ==> No File.
NETSVC: zd1211u(zydas) -> C:\Windows\system32\crystalinputfileserver.dll ==> No File.
NETSVC: rchost -> No Registry Path.
NETSVC: mcdbus -> No Registry Path.
NETSVC: asuskeyboardservice -> C:\Windows\system32\ghaio.dll ==> No File.
NETSVC: dtsrvc -> C:\Windows\system32\vpcbus.dll ==> No File.
NETSVC: rwbackupsrv -> C:\Windows\system32\M2500.dll ==> No File.
NETSVC: LMS -> C:\Windows\system32\psdvdisk.dll ==> No File.
NETSVC: lvpr2mon -> C:\Windows\system32\symlcbrd.dll ==> No File.
NETSVC: crcdisk -> C:\Windows\system32\ivscheduler.dll ==> No File.
NETSVC: lxrjd31d -> C:\Windows\system32\toshidpt.dll ==> No File.
NETSVC: pdlndldl -> C:\Windows\system32\ssoftservice.dll ==> No File.
NETSVC: avupdsvc -> C:\Windows\system32\dmprimer.dll ==> No File.
NETSVC: nmraapache -> C:\Windows\system32\alcxsens.dll ==> No File.
NETSVC: L8042mou -> C:\Windows\system32\zfdwm.dll ==> No File.
NETSVC: SECYPUSB -> No Registry Path.
NETSVC: 2wirepcp -> C:\Windows\system32\PCASp50.dll ==> No File.
NETSVC: rt61 -> C:\Windows\system32\RimSerPort.dll ==> No File.
NETSVC: NICM -> C:\Windows\system32\licensemanagersocket.dll ==> No File.
NETSVC: dlaudfam -> C:\Windows\system32\as32svc.dll ==> No File.
NETSVC: pdlncbas -> C:\Windows\system32\CSDriver.dll ==> No File.
NETSVC: tfsncofs -> C:\Windows\system32\dot4scan.dll ==> No File.
NETSVC: fetnd5bv -> C:\Windows\system32\rimmptsk.dll ==> No File.
NETSVC: lvusbsta -> C:\Windows\system32\w550bus.dll ==> No File.
NETSVC: tapvpn -> C:\Windows\system32\fireport.dll ==> No File.
NETSVC: EhttpSrv -> C:\Windows\system32\CTEAPSFX.DLL.dll ==> No File.
NETSVC: AppnBase -> C:\Windows\system32\cdvp.dll ==> No File.
NETSVC: LVBulk -> C:\Windows\system32\MKEMUSB.dll ==> No File.
NETSVC: oracle_load_balancer_60_server-forms6ip14 -> No Registry Path.
NETSVC: IntelC51 -> C:\Windows\system32\tosporte.dll ==> No File.
NETSVC: ssm_mdm -> C:\Windows\system32\ibmsmbus.dll ==> No File.
NETSVC: fcprintservice -> C:\Windows\system32\axsnmsvc.dll ==> No File.
NETSVC: ELmou -> C:\Windows\system32\spkrmon.dll ==> No File.
NETSVC: mrpostman -> C:\Windows\system32\wanminiportservice.dll ==> No File.
NETSVC: SWNC8U51 -> C:\Windows\system32\mediamaxxlservice.dll ==> No File.
NETSVC: slssvc -> C:\Windows\system32\ati2mtaa.dll ==> No File.
NETSVC: blueletscoaudio -> C:\Windows\system32\id2scaps.dll ==> No File.
NETSVC: hmonitor -> C:\Windows\system32\tmxpflt.dll ==> No File.
NETSVC: ldlcserv -> C:\Windows\system32\ATKFUSService.dll ==> No File.
NETSVC: snac -> C:\Windows\system32\z525mdm.dll ==> No File.
NETSVC: nvstor32 -> C:\Windows\system32\EMATCORE.dll ==> No File.
NETSVC: webrootcommagentservice -> C:\Windows\system32\CTEAPSFX.DLL.dll ==> No File.
NETSVC: eliservice -> C:\Windows\system32\backupexecagentaccelerator.dll ==> No File.
NETSVC: compbatt -> C:\Windows\system32\DCamUSBSQTECH.dll ==> No File.
NETSVC: NEOFLTR_600_13319 -> C:\Windows\system32\atalk.dll ==> No File.
NETSVC: COMMONFX.DLL -> C:\Windows\system32\UCTblHid.dll ==> No File.
NETSVC: w550mdm -> C:\Windows\system32\datasvr.dll ==> No File.
NETSVC: dpfusmgr -> C:\Windows\system32\windrvNT.dll ==> No File.
NETSVC: s217mgmt -> C:\Windows\system32\SrvcEPIOMngr.dll ==> No File.
NETSVC: winvnc4 -> C:\Windows\system32\dwmrcs.dll ==> No File.

============ One Month Created Files and Folders ==============

2012-06-12 16:19 - 2012-06-12 16:19 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\ImgBurn
2012-06-12 16:09 - 2012-06-12 16:09 - 00001528 ____A C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2012-06-12 16:09 - 2012-06-12 16:09 - 00000000 ____D C:\Program Files\ImgBurn
2012-06-12 15:52 - 2012-06-12 17:34 - 00044589 ____A C:\Windows\setupapi.log
2012-06-12 15:42 - 2012-06-12 15:42 - 00000000 ____D C:\Program Files\Windows Resource Kits
2012-06-12 15:28 - 2012-06-12 15:30 - 00000000 ____D C:\dellxpcd
2012-06-12 15:14 - 2012-06-12 15:14 - 00001241 ____A C:\Documents and Settings\All Users\Desktop\UBCD4Win.lnk
2012-06-12 15:11 - 2012-06-12 15:59 - 00000000 ____D C:\UBCD4Win
2012-06-12 15:09 - 2012-06-12 15:09 - 282427301 ____A (UBCD4Win Team - Benjamin Burrows ) C:\Documents and Settings\Brent & Sharon\Desktop\UBCD4WinV360.exe
2012-06-12 14:00 - 2012-06-12 14:01 - 00000000 ____D C:\FRST
2012-06-12 02:15 - 2012-06-12 02:15 - 00001864 ____A C:\Documents and Settings\Brent & Sharon\Desktop\aswMBR.txt
2012-06-12 02:15 - 2012-06-12 02:15 - 00000512 ____A C:\Documents and Settings\Brent & Sharon\Desktop\MBR.dat
2012-06-12 01:54 - 2012-06-12 01:54 - 04731392 ____A (AVAST Software) C:\Documents and Settings\Brent & Sharon\Desktop\aswMBR.exe
2012-06-12 00:27 - 2012-06-12 00:32 - 00169926 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_20.27.41_log.txt
2012-06-12 00:13 - 2012-06-12 00:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-12 00:12 - 2012-06-12 00:14 - 00090064 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_20.12.06_log.txt
2012-06-12 00:11 - 2012-06-12 00:11 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Brent & Sharon\Desktop\tdsskiller.exe
2012-06-11 21:03 - 2012-06-11 21:03 - 00010801 ____A C:\Documents and Settings\Brent & Sharon\Desktop\ark.txt
2012-06-11 20:22 - 2012-06-11 20:22 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Desktop\gmer
2012-06-11 20:21 - 2012-06-11 20:21 - 00294216 ____A C:\Documents and Settings\Brent & Sharon\Desktop\gmer.zip
2012-06-11 20:14 - 2012-06-11 20:14 - 00050477 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Defogger.exe
2012-06-11 18:47 - 2012-06-11 18:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2686509$
2012-06-11 18:47 - 2012-06-11 18:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2659262$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2718704$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2695962$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2676562$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2653956$
2012-06-11 18:08 - 2012-06-11 18:24 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\NPE
2012-06-11 18:08 - 2012-06-11 18:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2012-06-11 17:25 - 2012-06-11 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SecTaskMan
2012-06-11 14:06 - 2012-06-11 13:49 - 00017036 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Oakley Script.jpg
2012-06-11 13:38 - 2012-06-11 13:38 - 00034764 ____A C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\dt.dat
2012-06-09 17:42 - 2012-06-09 17:42 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-06-09 17:41 - 2012-06-09 17:45 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-06-09 17:41 - 2012-06-09 17:41 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-06-09 17:41 - 2012-05-26 13:45 - 00000000 __SHD C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2012-06-09 17:41 - 2012-03-05 22:42 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2012-06-09 17:41 - 2012-03-05 19:20 - 00000000 __SHD C:\Documents and Settings\Administrator\Local Settings\History
2012-06-09 17:41 - 2012-03-05 19:18 - 00000000 ___HD C:\Documents and Settings\Administrator\Templates
2012-06-09 17:41 - 2012-03-05 14:05 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu
2012-06-09 17:41 - 2012-03-05 14:05 - 00000000 ___HD C:\Documents and Settings\Administrator\PrintHood
2012-06-09 17:41 - 2012-03-05 14:05 - 00000000 ___HD C:\Documents and Settings\Administrator\NetHood
2012-06-09 17:41 - 2012-03-05 14:05 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents
2012-06-09 17:37 - 2012-06-09 17:37 - 01266056 ____A (Microsoft Corporation) C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-06-09 17:37 - 2012-06-09 17:37 - 00003038 ____A C:\fix_svchost.bat
2012-06-09 17:36 - 2012-06-09 17:36 - 06216032 ____A (Microsoft Corporation) C:\windowsupdateagent30-x86.exe
2012-06-09 17:26 - 2012-06-09 17:26 - 00000000 ____D C:\Windows\pss
2012-06-07 23:01 - 2012-06-11 20:15 - 00000490 ____A C:\Documents and Settings\Brent & Sharon\Desktop\defogger_disable.log
2012-06-07 23:01 - 2012-06-07 23:01 - 00000000 ____A C:\Documents and Settings\Brent & Sharon\defogger_reenable
2012-06-05 15:55 - 2012-06-05 20:53 - 00002465 ____A C:\Documents and Settings\Brent & Sharon\Desktop\HiJackThis.lnk
2012-06-05 15:55 - 2012-06-05 15:55 - 00000000 ____D C:\Program Files\Trend Micro
2012-06-05 14:05 - 2012-06-05 14:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2012-06-05 13:56 - 2012-06-05 14:04 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\IObit
2012-06-05 13:56 - 2012-06-05 13:56 - 00000925 ____A C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
2012-06-05 13:56 - 2012-06-05 13:56 - 00000874 ____A C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
2012-06-05 13:56 - 2012-06-05 13:56 - 00000000 ____D C:\Program Files\IObit
2012-06-01 21:26 - 2012-06-01 21:26 - 00013832 ____A C:\ComboFix.txt
2012-05-30 20:23 - 2012-05-30 20:23 - 00634613 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Bike.JPG
2012-05-30 20:23 - 2012-05-30 20:23 - 00569215 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Stroller.JPG
2012-05-28 12:10 - 2012-06-08 17:00 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-05-28 12:10 - 2012-05-28 12:10 - 00001409 ____A C:\Windows\QTFont.for
2012-05-28 00:45 - 2012-05-28 00:45 - 00112914 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Combo Fix log 5272012.txt
2012-05-26 13:17 - 2010-11-07 17:20 - 00208896 ____A C:\Windows\MBR.exe
2012-05-26 13:17 - 2009-04-20 04:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-26 13:17 - 2000-08-31 00:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-26 13:17 - 2000-08-31 00:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-05-26 13:17 - 2000-08-31 00:00 - 00098816 ____A C:\Windows\sed.exe
2012-05-26 13:17 - 2000-08-31 00:00 - 00080412 ____A C:\Windows\grep.exe
2012-05-26 13:17 - 2000-08-31 00:00 - 00068096 ____A C:\Windows\zip.exe
2012-05-25 14:25 - 2012-06-12 17:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-25 14:25 - 2012-05-25 14:29 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-21 15:36 - 2012-05-21 15:36 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Sun
2012-05-18 07:13 - 2012-05-18 07:15 - 00000000 ____D C:\b496031748e97c47a6786b0700
2012-05-17 14:18 - 2012-05-17 14:18 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\PCHealth

============ 3 Months Modified Files and Folders ===============

2012-06-12 19:45 - 2012-03-05 21:55 - 01771680 ____A C:\Windows\WindowsUpdate.log
2012-06-12 19:45 - 2012-03-05 19:26 - 00000178 __ASH C:\Documents and Settings\Brent & Sharon\ntuser.ini
2012-06-12 19:42 - 2012-03-06 17:06 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-12 19:42 - 2012-03-06 01:41 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\ApplicationHistory
2012-06-12 19:42 - 2012-03-05 19:26 - 00000062 __ASH C:\Documents and Settings\Brent & Sharon\Local Settings\desktop.ini
2012-06-12 19:42 - 2012-03-05 19:25 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-06-12 19:42 - 2012-03-05 19:25 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-06-12 19:42 - 2012-03-05 19:21 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-12 19:42 - 2012-03-05 14:06 - 00000159 ____A C:\Windows\wiadebug.log
2012-06-12 19:42 - 2012-03-05 14:06 - 00000049 ____A C:\Windows\wiaservc.log
2012-06-12 17:50 - 2012-03-05 19:25 - 00032218 ____A C:\Windows\SchedLgU.Txt
2012-06-12 17:34 - 2012-06-12 15:52 - 00044589 ____A C:\Windows\setupapi.log
2012-06-12 17:29 - 2012-05-25 14:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-12 17:16 - 2012-03-06 17:06 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-12 16:19 - 2012-06-12 16:19 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\ImgBurn
2012-06-12 16:09 - 2012-06-12 16:09 - 00001528 ____A C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2012-06-12 16:09 - 2012-06-12 16:09 - 00000000 ____D C:\Program Files\ImgBurn
2012-06-12 15:59 - 2012-06-12 15:11 - 00000000 ____D C:\UBCD4Win
2012-06-12 15:42 - 2012-06-12 15:42 - 00000000 ____D C:\Program Files\Windows Resource Kits
2012-06-12 15:42 - 2012-03-06 01:27 - 00000000 ____D C:\Config.Msi
2012-06-12 15:30 - 2012-06-12 15:28 - 00000000 ____D C:\dellxpcd
2012-06-12 15:14 - 2012-06-12 15:14 - 00001241 ____A C:\Documents and Settings\All Users\Desktop\UBCD4Win.lnk
2012-06-12 15:10 - 2012-03-06 17:13 - 00000000 ____D C:\Program Files\Microsoft Money Plus
2012-06-12 15:10 - 2012-03-06 16:53 - 00000000 ____D C:\Program Files\Microsoft Money
2012-06-12 15:09 - 2012-06-12 15:09 - 282427301 ____A (UBCD4Win Team - Benjamin Burrows ) C:\Documents and Settings\Brent & Sharon\Desktop\UBCD4WinV360.exe
2012-06-12 14:35 - 2012-03-06 00:45 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-12 14:35 - 2012-03-06 00:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2012-06-12 14:01 - 2012-06-12 14:00 - 00000000 ____D C:\FRST
2012-06-12 02:15 - 2012-06-12 02:15 - 00001864 ____A C:\Documents and Settings\Brent & Sharon\Desktop\aswMBR.txt
2012-06-12 02:15 - 2012-06-12 02:15 - 00000512 ____A C:\Documents and Settings\Brent & Sharon\Desktop\MBR.dat
2012-06-12 01:54 - 2012-06-12 01:54 - 04731392 ____A (AVAST Software) C:\Documents and Settings\Brent & Sharon\Desktop\aswMBR.exe
2012-06-12 00:32 - 2012-06-12 00:27 - 00169926 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_20.27.41_log.txt
2012-06-12 00:14 - 2012-06-12 00:12 - 00090064 ____A C:\TDSSKiller.2.7.36.0_11.06.2012_20.12.06_log.txt
2012-06-12 00:14 - 2012-03-06 04:12 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-06-12 00:13 - 2012-06-12 00:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-12 00:11 - 2012-06-12 00:11 - 02127960 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Brent & Sharon\Desktop\tdsskiller.exe
2012-06-11 21:03 - 2012-06-11 21:03 - 00010801 ____A C:\Documents and Settings\Brent & Sharon\Desktop\ark.txt
2012-06-11 20:22 - 2012-06-11 20:22 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Desktop\gmer
2012-06-11 20:21 - 2012-06-11 20:21 - 00294216 ____A C:\Documents and Settings\Brent & Sharon\Desktop\gmer.zip
2012-06-11 20:15 - 2012-06-07 23:01 - 00000490 ____A C:\Documents and Settings\Brent & Sharon\Desktop\defogger_disable.log
2012-06-11 20:14 - 2012-06-11 20:14 - 00050477 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Defogger.exe
2012-06-11 18:56 - 2012-03-05 14:04 - 00122928 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-11 18:47 - 2012-06-11 18:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2686509$
2012-06-11 18:47 - 2012-06-11 18:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2659262$
2012-06-11 18:47 - 2012-03-06 02:23 - 00000000 ____D C:\Windows\ie8updates
2012-06-11 18:47 - 2012-03-05 23:17 - 00000000 ___HD C:\Windows\$hf_mig$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2718704$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2695962$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2676562$
2012-06-11 18:46 - 2012-06-11 18:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2653956$
2012-06-11 18:25 - 2012-06-11 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SecTaskMan
2012-06-11 18:24 - 2012-06-11 18:08 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\NPE
2012-06-11 18:18 - 2012-03-05 14:03 - 00000327 _RASH C:\boot.ini
2012-06-11 18:08 - 2012-06-11 18:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2012-06-11 17:04 - 2012-03-06 15:07 - 00000000 __HDC C:\Windows\$NtUninstallKB961501_0$
2012-06-11 14:08 - 2012-03-06 00:45 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
2012-06-11 13:49 - 2012-06-11 14:06 - 00017036 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Oakley Script.jpg
2012-06-11 13:38 - 2012-06-11 13:38 - 00034764 ____A C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\dt.dat
2012-06-09 17:45 - 2012-06-09 17:41 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-06-09 17:43 - 2012-03-05 19:21 - 00023392 ____A C:\Windows\System32\nscompat.tlb
2012-06-09 17:43 - 2012-03-05 19:21 - 00016832 ____A C:\Windows\System32\amcompat.tlb
2012-06-09 17:42 - 2012-06-09 17:42 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-06-09 17:41 - 2012-06-09 17:41 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-06-09 17:37 - 2012-06-09 17:37 - 01266056 ____A (Microsoft Corporation) C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-06-09 17:37 - 2012-06-09 17:37 - 00003038 ____A C:\fix_svchost.bat
2012-06-09 17:36 - 2012-06-09 17:36 - 06216032 ____A (Microsoft Corporation) C:\windowsupdateagent30-x86.exe
2012-06-09 17:26 - 2012-06-09 17:26 - 00000000 ____D C:\Windows\pss
2012-06-08 17:52 - 2003-07-16 20:53 - 00002300 ____A C:\Windows\System32\wpa.dbl
2012-06-08 17:33 - 2012-03-30 15:37 - 00000133 ____A C:\DeletePrintJobs.cmd
2012-06-08 17:00 - 2012-05-28 12:10 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-06-07 23:01 - 2012-06-07 23:01 - 00000000 ____A C:\Documents and Settings\Brent & Sharon\defogger_reenable
2012-06-06 20:52 - 2012-03-05 14:05 - 00000000 ___HD C:\Documents and Settings\All Users\Templates
2012-06-05 22:50 - 2012-04-12 00:41 - 00000000 ___HD C:\$AVG
2012-06-05 20:53 - 2012-06-05 15:55 - 00002465 ____A C:\Documents and Settings\Brent & Sharon\Desktop\HiJackThis.lnk
2012-06-05 15:55 - 2012-06-05 15:55 - 00000000 ____D C:\Program Files\Trend Micro
2012-06-05 14:19 - 2012-03-19 22:24 - 00000000 ____D C:\Windows\Minidump
2012-06-05 14:18 - 2012-03-05 19:26 - 00000000 ___RD C:\Documents and Settings\Brent & Sharon\My Documents\My Pictures
2012-06-05 14:05 - 2012-06-05 14:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2012-06-05 14:05 - 2012-03-05 19:26 - 00000000 ___RD C:\Documents and Settings\Brent & Sharon\Start Menu
2012-06-05 14:05 - 2012-03-05 19:26 - 00000000 ___HD C:\Documents and Settings\Brent & Sharon\Templates
2012-06-05 14:05 - 2012-03-05 14:05 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu
2012-06-05 14:04 - 2012-06-05 13:56 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\IObit
2012-06-05 13:56 - 2012-06-05 13:56 - 00000925 ____A C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
2012-06-05 13:56 - 2012-06-05 13:56 - 00000874 ____A C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
2012-06-05 13:56 - 2012-06-05 13:56 - 00000000 ____D C:\Program Files\IObit
2012-06-04 13:43 - 2012-03-05 19:26 - 00000000 ___HD C:\Documents and Settings\Brent & Sharon\NetHood
2012-06-01 21:26 - 2012-06-01 21:26 - 00013832 ____A C:\ComboFix.txt
2012-06-01 21:26 - 2012-04-27 13:48 - 00000000 ____D C:\Qoobox
2012-06-01 21:22 - 2003-07-16 20:47 - 00000227 ____A C:\Windows\system.ini
2012-06-01 20:32 - 2012-04-27 13:46 - 04534253 ____R (Swearware) C:\Documents and Settings\Brent & Sharon\Desktop\ComboFix.exe
2012-05-31 13:22 - 2011-09-28 07:06 - 00599040 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\crypt32.dll
2012-05-31 13:22 - 2004-08-04 10:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-05-30 20:23 - 2012-05-30 20:23 - 00634613 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Bike.JPG
2012-05-30 20:23 - 2012-05-30 20:23 - 00569215 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Stroller.JPG
2012-05-30 20:20 - 2012-04-26 00:34 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-28 23:40 - 2012-03-06 01:41 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\My Documents\My Albums
2012-05-28 12:10 - 2012-05-28 12:10 - 00001409 ____A C:\Windows\QTFont.for
2012-05-28 12:04 - 2012-03-10 19:45 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\My Documents\Avery Templates
2012-05-28 00:45 - 2012-05-28 00:45 - 00112914 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Combo Fix log 5272012.txt
2012-05-28 00:30 - 2003-07-16 20:29 - 00000027 ____N C:\Windows\System32\Drivers\etc\hosts
2012-05-26 13:45 - 2012-06-09 17:41 - 00000000 __SHD C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2012-05-26 13:45 - 2012-03-05 14:05 - 00000000 __SHD C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
2012-05-25 14:29 - 2012-05-25 14:25 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-25 14:29 - 2012-03-06 04:10 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-22 11:34 - 2004-08-04 10:00 - 00000000 __SHD C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576}
2012-05-21 20:03 - 2012-04-20 01:02 - 00000000 ____D C:\Windows\System32\%APPDATA%
2012-05-21 20:01 - 2012-03-06 03:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-05-21 20:00 - 2012-03-06 16:38 - 00000000 __HDC C:\Windows\$NtUninstallKB978706$
2012-05-21 20:00 - 2012-03-06 04:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-21 16:30 - 2012-03-06 01:32 - 00000000 ____D C:\Windows\Microsoft.NET
2012-05-21 15:36 - 2012-05-21 15:36 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Sun
2012-05-21 14:49 - 2012-03-07 02:23 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\My Documents\My Scans
2012-05-18 14:02 - 2012-03-24 07:05 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-05-18 13:51 - 2012-03-06 02:20 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-18 13:48 - 2012-03-05 14:05 - 00581146 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-18 07:15 - 2012-05-18 07:13 - 00000000 ____D C:\b496031748e97c47a6786b0700
2012-05-17 14:18 - 2012-05-17 14:18 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\PCHealth
2012-05-16 11:52 - 2012-03-06 16:38 - 00000000 __HDC C:\Windows\$NtUninstallKB978542$
2012-04-27 14:53 - 2012-04-27 13:49 - 00000000 ____D C:\Windows\ERDNT
2012-04-27 14:45 - 2012-03-05 19:26 - 00000000 __SHD C:\Documents and Settings\Brent & Sharon\Local Settings\Temporary Internet Files
2012-04-27 14:43 - 2012-04-27 14:11 - 00008192 ___AH C:\Windows\System32\config\security.tmp.LOG
2012-04-27 14:43 - 2012-03-05 14:04 - 00049152 ____A C:\Windows\System32\config\security.bak
2012-04-27 14:43 - 2012-03-05 14:04 - 00024576 ____A C:\Windows\System32\config\sam.bak
2012-04-27 14:43 - 2012-03-05 14:03 - 30470144 ____A C:\Windows\System32\config\software.bak
2012-04-27 14:43 - 2012-03-05 14:03 - 06291456 ____A C:\Windows\System32\config\system.bak
2012-04-27 14:43 - 2012-03-05 14:03 - 00487424 ____A C:\Windows\System32\config\default.bak
2012-04-27 14:11 - 2012-04-27 14:11 - 00000000 ___AH C:\Windows\System32\config\sam.tmp.LOG
2012-04-27 14:11 - 2012-03-05 17:40 - 00008192 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-04-27 13:55 - 2012-04-27 13:55 - 00000000 RASHD C:\cmdcons
2012-04-27 13:46 - 2012-04-27 13:46 - 00000000 ___RD C:\Documents and Settings\Brent & Sharon\My Documents\My Videos
2012-04-27 13:46 - 2012-04-27 13:46 - 00000000 ___RD C:\Documents and Settings\All Users\Documents\My Videos
2012-04-27 13:46 - 2012-03-05 19:26 - 00000000 ___RD C:\Documents and Settings\Brent & Sharon\My Documents
2012-04-27 00:53 - 2012-03-08 14:41 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-04-26 20:28 - 2012-03-06 00:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2012
2012-04-26 00:35 - 2012-04-26 00:35 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\SUPERAntiSpyware.com
2012-04-26 00:34 - 2012-04-26 00:34 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-04-26 00:34 - 2012-04-26 00:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-26 00:21 - 2012-04-25 14:32 - 00000000 ____D C:\Program Files\PC Tools
2012-04-26 00:21 - 2012-04-25 14:25 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-04-26 00:18 - 2012-04-25 14:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Tools
2012-04-25 15:12 - 2012-04-25 15:12 - 00127687 ____A C:\Documents and Settings\Brent & Sharon\My Documents\Spy Doctor Scan.htm
2012-04-25 14:53 - 2012-04-25 14:53 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\Threat Expert
2012-04-25 14:27 - 2012-04-25 14:26 - 00586105 ____A C:\Windows\System32\Drivers\Cat.DB
2012-04-25 14:24 - 2012-04-25 14:24 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\TestApp
2012-04-25 13:59 - 2012-03-06 03:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-04-20 13:00 - 2012-03-07 08:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2296011$
2012-04-20 02:21 - 2012-04-20 02:21 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2012-04-20 02:20 - 2012-04-20 02:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2012-04-20 02:20 - 2012-04-20 02:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2012-04-20 01:35 - 2012-03-18 22:33 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Desktop\Scans_3-15-2012
2012-04-19 20:24 - 2012-03-06 03:15 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-19 20:24 - 2012-03-06 03:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-19 08:50 - 2012-04-19 08:50 - 00024896 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidshx.sys
2012-04-18 11:54 - 2012-04-18 11:50 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2012-04-18 11:33 - 2012-03-06 00:01 - 00019632 ____A C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-04-17 23:16 - 2012-04-17 23:16 - 00001682 ____A C:\Documents and Settings\All Users\Desktop\H&R Block 2011.lnk
2012-04-17 23:15 - 2012-04-17 23:15 - 00000000 ____D C:\Program Files\PDF995
2012-04-17 23:15 - 2012-04-17 23:15 - 00000000 ____D C:\Program Files\HRBlock2011
2012-04-17 23:15 - 2012-04-17 23:15 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\My Documents\HRBlock
2012-04-17 23:08 - 2012-04-17 23:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TaxCut
2012-04-17 22:56 - 2012-04-17 22:56 - 32934824 ____A (HRB Technology, LLC. ) C:\Documents and Settings\Brent & Sharon\Desktop\HRB_At_Home_2011DES_D.exe
2012-04-11 13:14 - 2012-03-06 01:57 - 02148352 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2012-04-11 13:12 - 2010-05-02 05:22 - 01862272 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2012-04-11 13:12 - 2004-08-04 10:00 - 01862272 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-11 13:10 - 2012-03-06 01:57 - 02192640 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
2012-04-11 13:10 - 2005-03-30 01:23 - 02192640 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 12:35 - 2012-03-06 01:57 - 02026496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
2012-04-11 12:35 - 2009-02-08 00:02 - 02069120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
2012-04-11 12:35 - 2005-03-30 01:01 - 02069120 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-04 19:56 - 2012-03-06 03:15 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 21:02 - 2012-04-03 21:02 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2012-04-03 21:02 - 2012-04-03 21:02 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2012-03-25 07:14 - 2012-03-25 07:14 - 00000000 __HDC C:\Windows\$NtUninstallKB961118$
2012-03-24 07:05 - 2012-03-24 07:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-03-24 07:05 - 2012-03-24 07:05 - 00000000 ____D C:\Program Files\MSBuild
2012-03-24 07:05 - 2012-03-24 07:04 - 00000000 ____D C:\f53e7bb1d536157ee8866a6979fa
2012-03-24 07:05 - 2012-03-05 14:00 - 00000000 ____D C:\Windows\System32\spool
2012-03-24 07:02 - 2012-03-05 19:19 - 00000000 ____D C:\Windows\PCHealth
2012-03-23 11:46 - 2012-03-06 17:05 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\Google
2012-03-22 19:12 - 2012-03-22 19:12 - 04435968 ____A (Google Inc.) C:\Windows\System32\GPhotos.scr
2012-03-21 21:32 - 2012-03-21 21:32 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
2012-03-21 21:32 - 2012-03-20 20:21 - 00000000 ____D C:\Program Files\iTunes
2012-03-21 21:31 - 2012-03-21 15:43 - 00065536 ____A C:\Windows\System32\config\OAlerts.evt
2012-03-21 21:23 - 2012-03-21 21:23 - 00001542 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2012-03-21 21:23 - 2012-03-21 21:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-03-21 21:22 - 2012-03-21 21:22 - 00000000 ____D C:\Program Files\iPod
2012-03-21 21:14 - 2012-03-21 21:14 - 00000000 ____D C:\Program Files\Apple Software Update
2012-03-21 21:08 - 2012-03-21 21:08 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2012-03-21 21:07 - 2012-03-21 21:07 - 00000000 ____D C:\Program Files\Bonjour
2012-03-21 21:06 - 2012-03-20 20:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-03-21 20:52 - 2012-03-21 20:52 - 02617176 ____A (VS Revo Group Ltd.) C:\Documents and Settings\Brent & Sharon\My Documents\revosetup.exe
2012-03-21 20:52 - 2012-03-21 20:52 - 00000917 ____A C:\Documents and Settings\Brent & Sharon\Desktop\Revo Uninstaller.lnk
2012-03-21 20:52 - 2012-03-21 20:52 - 00000000 ____D C:\Program Files\VS Revo Group
2012-03-21 20:43 - 2012-03-21 15:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-03-21 20:43 - 2012-03-05 14:05 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-21 20:42 - 2012-03-05 19:19 - 00000000 ____D C:\Program Files\Common Files\System
2012-03-21 20:42 - 2003-07-16 20:51 - 00000542 ____A C:\Windows\win.ini
2012-03-21 20:40 - 2012-03-19 23:21 - 00000000 ____D C:\Program Files\Microsoft.NET
2012-03-21 16:12 - 2012-03-21 16:11 - 987942848 ____A (Microsoft Corporation) C:\Documents and Settings\Brent & Sharon\Desktop\Office 2010 Download.exe
2012-03-21 15:34 - 2012-03-21 15:34 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\Microsoft Help
2012-03-20 20:23 - 2012-03-05 19:26 - 00000000 ___RD C:\Documents and Settings\Brent & Sharon\My Documents\My Music
2012-03-20 20:22 - 2012-03-20 20:22 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\Apple Computer
2012-03-20 20:22 - 2012-03-20 20:22 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Application Data\Apple Computer
2012-03-20 20:21 - 2012-03-20 20:20 - 00000000 ____D C:\Program Files\QuickTime
2012-03-20 20:21 - 2012-03-20 20:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2012-03-20 20:20 - 2012-03-20 20:20 - 00001604 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2012-03-20 20:19 - 2012-03-20 20:19 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\Local Settings\Application Data\Apple
2012-03-20 20:14 - 2012-03-20 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2012-03-20 17:50 - 2012-04-25 14:25 - 00203088 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-03-19 23:08 - 2012-03-11 01:59 - 00000000 ____D C:\Documents and Settings\Brent & Sharon\My Documents\My Downloads
2012-03-19 09:17 - 2011-07-11 06:14 - 00301248 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdix.sys
2012-03-18 22:35 - 2012-03-06 17:08 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2012-03-18 22:33 - 2012-03-18 22:33 - 00000655 ____A C:\autoAlbum.log
2012-03-15 20:15 - 2012-03-15 20:15 - 00000000 ____D C:\Windows\Sun
2012-03-15 07:02 - 2012-03-15 07:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2641653$
2012-03-15 07:01 - 2012-03-15 07:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2647518$
2012-03-15 07:01 - 2012-03-15 07:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2621440$

ZeroAccess:
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\@
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\L
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\U
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\L\00000004.@
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\L\1afb2d56
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\U\00000004.@
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576}\U\000000cb.@

ZeroAccess:
C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576}
C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576}\@
C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576}\L
C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-06-05 22:52 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP99

RP: -> 2012-06-05 22:48 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP98

RP: -> 2012-05-28 01:09 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP93

RP: -> 2012-05-21 14:18 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP90

RP: -> 2012-05-18 13:08 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP89

RP: -> 2012-05-18 07:08 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP88

RP: -> 2012-05-17 12:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP87

RP: -> 2012-05-15 14:53 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP86

RP: -> 2012-05-04 21:53 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP80

RP: -> 2012-05-03 21:13 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP79

RP: -> 2012-04-26 00:14 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP76

RP: -> 2012-04-25 13:44 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP75

RP: -> 2012-04-24 14:22 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP74

RP: -> 2012-04-17 10:39 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP72

RP: -> 2012-04-16 09:40 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP71

RP: -> 2012-04-15 08:41 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP70

RP: -> 2012-04-14 07:42 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP69

RP: -> 2012-04-13 07:38 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP68

RP: -> 2012-04-12 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP67

RP: -> 2012-04-08 15:25 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP63

RP: -> 2012-04-07 14:50 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP62

RP: -> 2012-04-06 00:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP61

RP: -> 2012-04-04 23:31 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP60

RP: -> 2012-04-03 16:11 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP59

RP: -> 2012-04-02 14:49 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP58

RP: -> 2012-04-01 12:43 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP57

RP: -> 2012-03-31 11:43 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP56

RP: -> 2012-03-30 11:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP55

RP: -> 2012-03-29 10:02 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP54

RP: -> 2012-03-28 09:02 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP53

RP: -> 2012-03-27 08:02 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP52

RP: -> 2012-03-26 07:58 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP51

RP: -> 2012-03-25 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP50

RP: -> 2012-03-24 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP49

RP: -> 2012-03-23 22:58 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP48

RP: -> 2012-03-22 21:58 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP47

RP: -> 2012-03-21 21:19 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP46

RP: -> 2012-03-21 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP42

RP: -> 2012-03-20 20:21 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP41

RP: -> 2012-03-20 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP40

RP: -> 2012-03-19 23:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP39

RP: -> 2012-03-19 22:56 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP38

RP: -> 2012-03-19 10:22 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP37

RP: -> 2012-03-18 09:22 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP36

RP: -> 2012-03-17 08:22 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP35

RP: -> 2012-03-16 07:22 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP34

RP: -> 2012-03-15 07:00 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP33

RP: -> 2012-03-14 17:08 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP32

RP: -> 2012-06-12 15:41 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP108

RP: -> 2012-06-11 18:44 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP107

RP: -> 2012-06-11 18:01 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP106

RP: -> 2012-06-11 17:58 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP105

RP: -> 2012-06-11 17:48 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP104

RP: -> 2012-06-11 17:44 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP103

RP: -> 2012-06-06 20:55 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP102

RP: -> 2012-06-06 20:49 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP101

RP: -> 2012-06-06 20:44 - 024576 _restore{21881037-6546-4C82-AB38-85734F2C1DC0}\RP100


========================= Memory info ======================

Percentage of memory in use: 35%
Total physical RAM: 2046.09 MB
Available physical RAM: 1323.63 MB
Total Pagefile: 1875.7 MB
Available Pagefile: 1346.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.91 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.5 GB) (Free:0.5 GB) FAT
3 Drive c: () (Fixed) (Total:465.75 GB) (Free:444.61 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: () (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT32
6 Drive f: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
7 Drive x: (UBCD4Windows) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 32 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 466 GB Healthy
======================================================================================================
======================= End Of Log ==========================

#12 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:45 AM

Posted 12 June 2012 - 02:59 PM

That's an FSS.txt log.

Please post the Fixlog.txt log file.
Regards,
Jason

 



#13 bmjoy

bmjoy
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:45 AM

Posted 12 June 2012 - 03:15 PM

Oops. Sorry about that. Here it is.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 12-06-2012
Ran by SYSTEM at 2012-06-12 16:09:50 Run:1
Running from D:\

==============================================

2wirepcp service deleted successfully.
AppMgmt service deleted successfully.
AppnBase service deleted successfully.
asuskeyboardservice service deleted successfully.
Ati HotKey Poller service deleted successfully.
avupdsvc service deleted successfully.
blueletscoaudio service deleted successfully.
caccprovsp service deleted successfully.
cmdagent service deleted successfully.
COMMONFX.DLL service deleted successfully.
compbatt service deleted successfully.
crcdisk service deleted successfully.
dbmang service deleted successfully.
dlaudfam service deleted successfully.
dpfusmgr service deleted successfully.
dtsrvc service deleted successfully.
dvd_2K service deleted successfully.
DynDNS_Updater_Service service deleted successfully.
EhttpSrv service deleted successfully.
eliservice service deleted successfully.
ELmou service deleted successfully.
fcprintservice service deleted successfully.
fetnd5bv service deleted successfully.
FontCache3.0.0.0 service deleted successfully.
GTF32BUS service deleted successfully.
helpsvc service deleted successfully.
hmonitor service deleted successfully.
HssSrv service deleted successfully.
idsvc service deleted successfully.
incdfs service deleted successfully.
IntelC51 service deleted successfully.
iteatapi service deleted successfully.
JavaQuickStarterService service deleted successfully.
L8042mou service deleted successfully.
ldlcserv service deleted successfully.
LMS service deleted successfully.
LUsbFilt service deleted successfully.
LVBulk service deleted successfully.
lvpr2mon service deleted successfully.
lvusbsta service deleted successfully.
lxdm_device service deleted successfully.
lxrjd31d service deleted successfully.
mrpostman service deleted successfully.
mssqlserver service deleted successfully.
NEOFLTR_600_13319 service deleted successfully.
NetTcpPortSharing service deleted successfully.
NICM service deleted successfully.
nmraapache service deleted successfully.
nvstor32 service deleted successfully.
nwdls service deleted successfully.
pdlncbas service deleted successfully.
pdlndldl service deleted successfully.
Pml Driver HPZ12 service deleted successfully.
rt61 service deleted successfully.
rwbackupsrv service deleted successfully.
s217mgmt service deleted successfully.
SABProcEnum service deleted successfully.
slssvc service deleted successfully.
snac service deleted successfully.
sonicatheaterinstallerservice service deleted successfully.
ssm_mdm service deleted successfully.
SWNC8U51 service deleted successfully.
sysplant service deleted successfully.
tapvpn service deleted successfully.
tfsncofs service deleted successfully.
USB11LDR service deleted successfully.
VAIOMediaPlatform-MusicServer-UPnP service deleted successfully.
vds service deleted successfully.
vetefile service deleted successfully.
vmm service deleted successfully.
w550mdm service deleted successfully.
w810bus service deleted successfully.
wacomvhid service deleted successfully.
webrootcommagentservice service deleted successfully.
winvnc4 service deleted successfully.
zd1211u(zydas) service deleted successfully.
4 Abiosdsk; service not found.
4 abp480n5; service not found.
4 adpu160m; service not found.
4 Aha154x; service not found.
4 aic78u2; service not found.
4 aic78xx; service not found.
4 AliIde; service not found.
4 amsint; service not found.
4 asc; service not found.
4 asc3350p; service not found.
4 asc3550; service not found.
4 Atdisk; service not found.
4 cd20xrnt; service not found.
1 Changer; service not found.
4 CmdIde; service not found.
4 Cpqarray; service not found.
4 dac2w2k; service not found.
4 dac960nt; service not found.
4 dpti2o; service not found.
4 hpn; service not found.
1 i2omgmt; service not found.
4 i2omp; service not found.
4 ini910u; service not found.
1 lbrtfdc; service not found.
4 mraid35x; service not found.
1 PCIDump; service not found.
3 PDCOMP; service not found.
3 PDFRAME; service not found.
3 PDRELI; service not found.
3 PDRFRAME; service not found.
4 perc2; service not found.
4 perc2hib; service not found.
4 ql1080; service not found.
4 Ql10wnt; service not found.
4 ql12160; service not found.
4 ql1240; service not found.
4 ql1280; service not found.
4 Simbad; service not found.
4 Sparrow; service not found.
4 symc810; service not found.
4 symc8xx; service not found.
4 sym_hi; service not found.
4 sym_u3; service not found.
3 TlntSvr; service not found.
4 TosIde; service not found.
4 ultra; service not found.
4 ViaIde; service not found.
3 WDICA; service not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs mssqlserver Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs sonicatheaterinstallerservice Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs USB11LDR Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs SABProcEnum Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wacomvhid Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs iteatapi Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs caccprovsp Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs incdfs Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs sysplant Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs LUsbFilt Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs VAIOMediaPlatform-MusicServer-UPnP Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs vetefile Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs dvd_2K Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs HssSrv Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs cmdagent Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs DynDNS_Updater_Service Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs nwdls Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs dbmang Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs GTF32BUS Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs w810bus Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs zd1211u(zydas) not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rchost Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs mcdbus Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs asuskeyboardservice Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs dtsrvc Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rwbackupsrv Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs LMS Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs lvpr2mon Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs crcdisk Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs lxrjd31d Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs pdlndldl Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs avupdsvc Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs nmraapache Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs L8042mou Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs SECYPUSB Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs 2wirepcp Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rt61 Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs NICM Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs dlaudfam Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs pdlncbas Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs tfsncofs Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs fetnd5bv Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs lvusbsta Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs tapvpn Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs EhttpSrv Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs AppnBase Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs LVBulk Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs oracle_load_balancer_60_server-forms6ip14 Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs IntelC51 Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ssm_mdm Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs fcprintservice Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ELmou Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs mrpostman Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs SWNC8U51 Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs slssvc Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs blueletscoaudio Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs hmonitor Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ldlcserv Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs snac Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs nvstor32 Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs webrootcommagentservice Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs eliservice Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs compbatt Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs NEOFLTR_600_13319 Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs COMMONFX.DLL Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs w550mdm Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs dpfusmgr Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs s217mgmt Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs winvnc4 Deleted successfully.
C:\Windows\$NtUninstallKB2686509$ moved successfully.
C:\Windows\$NtUninstallKB2659262$ moved successfully.
C:\Windows\$NtUninstallKB2718704$ moved successfully.
C:\Windows\$NtUninstallKB2695962$ moved successfully.
C:\Windows\$NtUninstallKB2676562$ moved successfully.
C:\Windows\$NtUninstallKB2653956$ moved successfully.
C:\Windows\$NtUninstallKB961501_0$ moved successfully.
C:\Windows\$NtUninstallKB978706$ moved successfully.
C:\Windows\System32\%APPDATA% moved successfully.
C:\Windows\$NtUninstallKB978706$ not found.
C:\Windows\$NtUninstallKB978542$ moved successfully.
C:\Windows\$NtUninstallKB2296011$ moved successfully.
C:\Windows\$NtUninstallKB961118$ moved successfully.
C:\Windows\$NtUninstallKB2641653$ moved successfully.
C:\Windows\$NtUninstallKB2647518$ moved successfully.
C:\Windows\$NtUninstallKB2621440$ moved successfully.
C:\Windows\Installer\{5c3047bc-329a-850a-3996-e3554eb20576} moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\{5c3047bc-329a-850a-3996-e3554eb20576} moved successfully.

========================= Folder: C:\b496031748e97c47a6786b0700 ========================

2012-05-18 07:15 - 2012-05-18 07:15 - 0000788 ___AH () C:\b496031748e97c47a6786b0700\$shtdwn$.req
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1025
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1028
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1029
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1030
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1031
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1032
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1033
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1035
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1036
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1037
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1038
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1040
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1041
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1042
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1043
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1044
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1045
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1046
2012-05-18 07:14 - 2012-05-18 07:14 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1049
2012-05-18 07:15 - 2012-05-18 07:15 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1053
2012-05-18 07:15 - 2012-05-18 07:15 - 0000000 ____D () C:\b496031748e97c47a6786b0700\1055
2012-05-18 07:15 - 2012-05-18 07:15 - 0000000 ____D () C:\b496031748e97c47a6786b0700\2052
2012-05-18 07:15 - 2012-05-18 07:15 - 0000000 ____D () C:\b496031748e97c47a6786b0700\2070
2012-05-18 07:15 - 2012-05-18 07:15 - 0000000 ____D () C:\b496031748e97c47a6786b0700\3076
2012-05-18 07:15 - 2012-05-18 07:15 - 0000000 ____D () C:\b496031748e97c47a6786b0700\3082
2011-12-15 16:50 - 2011-12-15 16:50 - 0016118 ____A () C:\b496031748e97c47a6786b0700\DHtmlHeader.html
2012-05-18 07:15 - 2012-05-18 07:15 - 0000000 ____D () C:\b496031748e97c47a6786b0700\Graphics
2011-12-15 17:45 - 2011-12-15 17:45 - 0003628 ____A () C:\b496031748e97c47a6786b0700\header.bmp
2011-12-15 17:40 - 2011-12-15 17:40 - 23374336 ____A () C:\b496031748e97c47a6786b0700\NDP40-KB2604121.msp
2011-12-15 17:45 - 2011-12-15 17:45 - 0030042 ____A () C:\b496031748e97c47a6786b0700\ParameterInfo.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0079112 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\Setup.exe
2011-12-15 17:03 - 2011-12-15 17:03 - 0810256 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\SetupEngine.dll
2011-12-15 17:03 - 2011-12-15 17:03 - 0296712 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\SetupUi.dll
2011-12-15 16:50 - 2011-12-15 16:50 - 0030120 ____A () C:\b496031748e97c47a6786b0700\SetupUi.xsd
2011-12-15 16:50 - 2011-12-15 16:50 - 0097048 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\SetupUtility.exe
2011-12-15 17:45 - 2011-12-15 17:45 - 0196662 ____A () C:\b496031748e97c47a6786b0700\SplashScreen.bmp
2011-12-15 16:50 - 2011-12-15 16:50 - 0196416 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\sqmapi.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0013606 ____A () C:\b496031748e97c47a6786b0700\Strings.xml
2011-12-15 17:45 - 2011-12-15 17:45 - 0036180 ____A () C:\b496031748e97c47a6786b0700\UiInfo.xml
2011-12-15 17:45 - 2011-12-15 17:45 - 0104072 ____A () C:\b496031748e97c47a6786b0700\watermark.bmp
2011-12-15 17:45 - 2011-12-15 17:45 - 0123035 ____A () C:\b496031748e97c47a6786b0700\1025\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0034118 ____A () C:\b496031748e97c47a6786b0700\1025\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0017688 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1025\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0128333 ____A () C:\b496031748e97c47a6786b0700\1028\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0028422 ____A () C:\b496031748e97c47a6786b0700\1028\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0014616 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1028\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0101146 ____A () C:\b496031748e97c47a6786b0700\1029\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0036716 ____A () C:\b496031748e97c47a6786b0700\1029\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0018712 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1029\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0109464 ____A () C:\b496031748e97c47a6786b0700\1030\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0036020 ____A () C:\b496031748e97c47a6786b0700\1030\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0018712 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1030\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0091719 ____A () C:\b496031748e97c47a6786b0700\1031\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0037858 ____A () C:\b496031748e97c47a6786b0700\1031\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0019224 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1031\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0102048 ____A () C:\b496031748e97c47a6786b0700\1032\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0038668 ____A () C:\b496031748e97c47a6786b0700\1032\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0019736 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1032\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0138595 ____A () C:\b496031748e97c47a6786b0700\1033\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0035802 ____A () C:\b496031748e97c47a6786b0700\1033\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0017688 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1033\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0111176 ____A () C:\b496031748e97c47a6786b0700\1035\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0036066 ____A () C:\b496031748e97c47a6786b0700\1035\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0018712 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1035\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0133172 ____A () C:\b496031748e97c47a6786b0700\1036\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0037676 ____A () C:\b496031748e97c47a6786b0700\1036\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0019224 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1036\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0125351 ____A () C:\b496031748e97c47a6786b0700\1037\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0033028 ____A () C:\b496031748e97c47a6786b0700\1037\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0017176 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1037\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0110879 ____A () C:\b496031748e97c47a6786b0700\1038\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0037692 ____A () C:\b496031748e97c47a6786b0700\1038\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0019224 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1038\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0124974 ____A () C:\b496031748e97c47a6786b0700\1040\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0037048 ____A () C:\b496031748e97c47a6786b0700\1040\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0018712 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1040\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0111958 ____A () C:\b496031748e97c47a6786b0700\1041\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0031424 ____A () C:\b496031748e97c47a6786b0700\1041\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0016152 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1041\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0149503 ____A () C:\b496031748e97c47a6786b0700\1042\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0030504 ____A () C:\b496031748e97c47a6786b0700\1042\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0015640 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1042\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0035285 ____A () C:\b496031748e97c47a6786b0700\1043\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0036850 ____A () C:\b496031748e97c47a6786b0700\1043\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0019736 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1043\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0036083 ____A () C:\b496031748e97c47a6786b0700\1044\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0036546 ____A () C:\b496031748e97c47a6786b0700\1044\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0018200 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1044\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0126541 ____A () C:\b496031748e97c47a6786b0700\1045\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0037132 ____A () C:\b496031748e97c47a6786b0700\1045\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0018712 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1045\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0109574 ____A () C:\b496031748e97c47a6786b0700\1046\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0036530 ____A () C:\b496031748e97c47a6786b0700\1046\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0018712 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1046\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0049319 ____A () C:\b496031748e97c47a6786b0700\1049\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0037394 ____A () C:\b496031748e97c47a6786b0700\1049\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0019224 ____A (?????????? ??????????) C:\b496031748e97c47a6786b0700\1049\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0125073 ____A () C:\b496031748e97c47a6786b0700\1053\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0036014 ____A () C:\b496031748e97c47a6786b0700\1053\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0018200 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1053\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0112947 ____A () C:\b496031748e97c47a6786b0700\1055\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0036274 ____A () C:\b496031748e97c47a6786b0700\1055\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0018200 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\1055\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0110754 ____A () C:\b496031748e97c47a6786b0700\2052\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0028414 ____A () C:\b496031748e97c47a6786b0700\2052\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0014616 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\2052\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0125196 ____A () C:\b496031748e97c47a6786b0700\2070\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0037332 ____A () C:\b496031748e97c47a6786b0700\2070\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0019224 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\2070\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0002060 ____A () C:\b496031748e97c47a6786b0700\3076\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0028422 ____A () C:\b496031748e97c47a6786b0700\3076\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0014616 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\3076\SetupResources.dll
2011-12-15 17:45 - 2011-12-15 17:45 - 0108174 ____A () C:\b496031748e97c47a6786b0700\3082\eula.rtf
2011-12-15 17:45 - 2011-12-15 17:45 - 0037096 ____A () C:\b496031748e97c47a6786b0700\3082\LocalizedData.xml
2011-12-15 17:03 - 2011-12-15 17:03 - 0019224 ____A (Microsoft Corporation) C:\b496031748e97c47a6786b0700\3082\SetupResources.dll
2011-12-15 16:45 - 2011-12-15 16:45 - 0001150 ____A () C:\b496031748e97c47a6786b0700\Graphics\Print.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0000894 ____A () C:\b496031748e97c47a6786b0700\Graphics\Rotate1.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0000894 ____A () C:\b496031748e97c47a6786b0700\Graphics\Rotate2.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0000894 ____A () C:\b496031748e97c47a6786b0700\Graphics\Rotate3.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0000894 ____A () C:\b496031748e97c47a6786b0700\Graphics\Rotate4.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0000894 ____A () C:\b496031748e97c47a6786b0700\Graphics\Rotate5.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0000894 ____A () C:\b496031748e97c47a6786b0700\Graphics\Rotate6.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0000894 ____A () C:\b496031748e97c47a6786b0700\Graphics\Rotate7.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0000894 ____A () C:\b496031748e97c47a6786b0700\Graphics\Rotate8.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0001150 ____A () C:\b496031748e97c47a6786b0700\Graphics\Save.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0036710 ____A () C:\b496031748e97c47a6786b0700\Graphics\Setup.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0010134 ____A () C:\b496031748e97c47a6786b0700\Graphics\stop.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0001150 ____A () C:\b496031748e97c47a6786b0700\Graphics\SysReqMet.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0001150 ____A () C:\b496031748e97c47a6786b0700\Graphics\SysReqNotMet.ico
2011-12-15 16:45 - 2011-12-15 16:45 - 0010134 ____A () C:\b496031748e97c47a6786b0700\Graphics\warn.ico

====== End of Folder: ======

========================= Folder: C:\f53e7bb1d536157ee8866a6979fa ========================

2012-03-24 07:05 - 2012-03-24 07:05 - 0000000 ____D () C:\f53e7bb1d536157ee8866a6979fa\amd64
2012-03-24 07:05 - 2012-03-24 07:05 - 0000000 ____D () C:\f53e7bb1d536157ee8866a6979fa\i386
2012-03-24 07:04 - 2008-07-06 12:06 - 0147456 ____N (Microsoft Corporation) C:\f53e7bb1d536157ee8866a6979fa\amd64\filterpipelineprintproc.dll
2012-03-24 07:04 - 2008-07-06 12:06 - 0010929 ____N () C:\f53e7bb1d536157ee8866a6979fa\amd64\msxpsdrv.cat
2012-03-24 07:04 - 2008-06-19 05:33 - 0002204 ____N () C:\f53e7bb1d536157ee8866a6979fa\amd64\msxpsdrv.inf
2008-06-19 15:03 - 2008-06-19 15:03 - 0000073 ____N () C:\f53e7bb1d536157ee8866a6979fa\amd64\msxpsinc.gpd
2012-03-24 07:04 - 2008-06-19 05:33 - 0000072 ____N () C:\f53e7bb1d536157ee8866a6979fa\amd64\msxpsinc.ppd
2012-03-24 07:04 - 2008-07-06 12:06 - 0748032 ____N (Microsoft Corporation) C:\f53e7bb1d536157ee8866a6979fa\amd64\mxdwdrv.dll
2008-07-06 21:36 - 2008-07-06 21:36 - 2936832 ____N (Microsoft Corporation) C:\f53e7bb1d536157ee8866a6979fa\amd64\xpssvcs.dll
2012-03-24 07:04 - 2008-07-06 12:06 - 0089088 ____N (Microsoft Corporation) C:\f53e7bb1d536157ee8866a6979fa\i386\filterpipelineprintproc.dll
2012-03-24 07:04 - 2008-07-06 12:06 - 0010929 ____N () C:\f53e7bb1d536157ee8866a6979fa\i386\msxpsdrv.cat
2012-03-24 07:04 - 2008-06-19 05:33 - 0002204 ____N () C:\f53e7bb1d536157ee8866a6979fa\i386\msxpsdrv.inf
2012-03-24 07:04 - 2008-06-19 15:03 - 0000073 ____N () C:\f53e7bb1d536157ee8866a6979fa\i386\msxpsinc.gpd
2012-03-24 07:04 - 2008-06-19 05:33 - 0000072 ____N () C:\f53e7bb1d536157ee8866a6979fa\i386\msxpsinc.ppd
2012-03-24 07:04 - 2008-07-06 12:06 - 0765440 ____N (Microsoft Corporation) C:\f53e7bb1d536157ee8866a6979fa\i386\mxdwdrv.dll
2012-03-24 07:04 - 2008-07-06 12:06 - 1676288 ____N (Microsoft Corporation) C:\f53e7bb1d536157ee8866a6979fa\i386\xpssvcs.dll

====== End of Folder: ======

==== End of Fixlog ====

#14 jntkwx

  • Malware Response Team

Posted 12 June 2012 - 03:31 PM

bmjoy,

By the way, great work so far! :)

Rerun Combofix
Please delete the Combofix.exe file on your desktop. Do not make any other changes to your computer!

Then, download a NEW version of Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 



#15 bmjoy

  • Topic Starter

  • Members

Posted 12 June 2012 - 04:04 PM

Jason,

The computer seems to be running great right now. I'll give you an update after I've had a chance to give it more of a workout, but so far so good.

I'm copying the latest Combofix log for you.

Thank you very much for all of your help.

Brent

ComboFix 12-06-12.01 - Brent & Sharon 06/12/2012 16:42:27.6.1 - x86
Running from: c:\documents and settings\Brent & Sharon\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 16:19 . 2012-06-12 16:19 -------- d-----w- c:\documents and settings\Brent & Sharon\Application Data\ImgBurn
2012-06-12 16:09 . 2012-06-12 16:09 -------- d-----w- c:\program files\ImgBurn
2012-06-12 15:42 . 2012-06-12 15:42 -------- d-----w- c:\program files\Windows Resource Kits
2012-06-12 15:28 . 2012-06-12 15:30 -------- d-----w- C:\dellxpcd
2012-06-12 15:11 . 2012-06-12 15:59 -------- d-----w- C:\UBCD4Win
2012-06-12 14:00 . 2012-06-12 15:55 -------- d-----w- C:\FRST
2012-06-12 00:13 . 2012-06-12 00:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-11 18:08 . 2012-06-11 18:24 -------- d-----w- c:\documents and settings\Brent & Sharon\Local Settings\Application Data\NPE
2012-06-11 18:08 . 2012-06-11 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-06-11 17:25 . 2012-06-11 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-06-09 17:41 . 2012-06-09 17:42 -------- d-----w- c:\documents and settings\Administrator
2012-06-09 17:37 . 2012-06-09 17:37 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-06-09 17:37 . 2012-06-09 17:37 3038 ----a-w- C:\fix_svchost.bat
2012-06-09 17:36 . 2012-06-09 17:36 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-06-05 15:55 . 2012-06-05 15:55 388096 ----a-r- c:\documents and settings\Brent & Sharon\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-05 15:55 . 2012-06-05 15:55 -------- d-----w- c:\program files\Trend Micro
2012-06-05 14:05 . 2012-06-05 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2012-06-05 13:56 . 2012-06-05 14:04 -------- d-----w- c:\documents and settings\Brent & Sharon\Application Data\IObit
2012-06-05 13:56 . 2012-06-05 13:56 -------- d-----w- c:\program files\IObit
2012-05-28 12:10 . 2012-05-28 12:10 1409 ----a-w- c:\windows\QTFont.for
2012-05-25 14:25 . 2012-05-25 14:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-18 07:13 . 2012-05-18 07:15 -------- d-----w- C:\b496031748e97c47a6786b0700
2012-05-17 14:18 . 2012-05-17 14:18 -------- d-----w- c:\documents and settings\Brent & Sharon\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 17:33 . 2012-03-30 15:37 133 ----a-w- C:\DeletePrintJobs.cmd
2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 14:29 . 2012-03-06 04:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:12 . 2004-08-04 10:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2005-03-30 01:23 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2005-03-30 01:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2012-03-06 03:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-20 17:50 . 2012-04-25 14:25 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-19 09:17 . 2011-07-11 06:14 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-16 14:40 . 2012-03-06 03:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-28_00.31.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-04 03:33 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
+ 2006-03-04 03:33 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 09:31 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 10:00 . 2011-12-17 19:46 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-04 10:00 . 2012-03-01 11:01 43520 c:\windows\system32\licmgr10.dll
- 2004-08-04 10:00 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 10:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
+ 2011-09-13 11:30 . 2012-01-31 08:46 31952 c:\windows\system32\drivers\avgrkx86.sys
+ 2011-08-08 11:08 . 2011-12-23 17:32 41040 c:\windows\system32\drivers\avgmfx86.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 17232 c:\windows\system32\drivers\avgidsshimx.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 24144 c:\windows\system32\drivers\avgidsfilterx.sys
+ 2012-03-06 02:19 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
- 2012-03-06 02:19 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
- 2006-03-04 03:33 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-03-04 03:33 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2012-03-06 02:19 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2012-03-06 02:19 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 10:00 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 10:00 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 10:00 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 10:00 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2012-04-11 23:52 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\spcustom.dll
- 2012-04-11 23:52 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spmsg.dll
- 2012-05-15 14:27 . 2012-04-11 13:53 30208 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\w32ksign.dll
- 2012-05-15 14:27 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\spcustom.dll
- 2012-05-15 14:27 . 2012-04-11 13:53 16896 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\mpsyschk.dll
- 2012-05-15 14:27 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spmsg.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 12800 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 43520 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll
+ 2012-06-11 18:46 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2653956\update\spcustom.dll
+ 2012-06-11 18:46 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2653956\spmsg.dll
+ 2004-08-04 10:00 . 2012-02-29 14:10 177664 c:\windows\system32\wintrust.dll
- 2004-08-04 10:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2006-03-04 03:33 . 2012-03-01 11:01 916992 c:\windows\system32\wininet.dll
- 2006-03-04 03:33 . 2011-12-17 19:46 916992 c:\windows\system32\wininet.dll
+ 2004-08-04 10:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
- 2004-08-04 10:00 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
+ 2004-08-04 10:00 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
- 2004-08-04 10:00 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
+ 2006-03-04 03:33 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
- 2006-03-04 03:33 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
- 2009-03-08 09:32 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 09:32 . 2012-03-01 11:01 602112 c:\windows\system32\msfeeds.dll
+ 2004-08-04 10:00 . 2012-02-29 14:10 148480 c:\windows\system32\imagehlp.dll
+ 2006-03-04 03:33 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
- 2006-03-04 03:33 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 10:00 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 10:00 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 10:00 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
- 2004-08-04 10:00 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
+ 2012-03-05 14:04 . 2012-06-11 18:56 122928 c:\windows\system32\FNTCACHE.DAT
- 2012-03-05 14:04 . 2012-04-18 11:32 122928 c:\windows\system32\FNTCACHE.DAT
+ 2011-10-07 11:23 . 2012-02-22 09:25 235216 c:\windows\system32\drivers\avgldx86.sys
+ 2011-12-23 17:32 . 2011-12-23 17:32 139856 c:\windows\system32\drivers\avgidsdriverx.sys
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2006-03-04 03:33 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
- 2006-03-04 03:33 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 10:00 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 10:00 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 10:00 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 10:00 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
- 2006-03-04 03:33 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-04 03:33 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
- 2012-03-06 02:19 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2012-03-06 02:19 . 2012-03-01 11:01 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2012-03-06 02:19 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2012-03-06 02:19 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-03-04 03:33 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-03-04 03:33 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2012-03-06 02:19 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2012-03-06 02:19 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-04 10:00 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 10:00 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 10:00 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 10:00 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 10:00 . 2008-04-14 00:11 640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2011-09-28 07:06 . 2012-05-31 13:22 599040 c:\windows\system32\dllcache\crypt32.dll
- 2011-09-28 07:06 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2012-03-05 19:24 . 2012-05-28 00:51 131072 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2012-03-05 19:24 . 2012-04-26 01:11 131072 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2012-04-11 23:52 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\updspapi.dll
- 2012-04-11 23:52 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\update.exe
- 2012-04-11 23:52 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spuninst.exe
- 2012-05-15 14:27 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\updspapi.dll
- 2012-05-15 14:27 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\update.exe
- 2012-05-15 14:27 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spuninst.exe
+ 2012-06-12 15:42 . 2012-06-12 15:42 279040 c:\windows\Installer\429eb3.msi
+ 2012-06-11 18:47 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
+ 2012-06-11 18:47 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
+ 2012-06-11 18:47 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
+ 2012-06-11 18:47 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
+ 2012-06-11 18:47 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
+ 2012-06-11 18:46 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2653956\update\updspapi.dll
+ 2012-06-11 18:46 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2653956\update\update.exe
+ 2012-06-11 18:46 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2653956\spuninst.exe
+ 2012-02-29 14:08 . 2012-02-29 14:08 178176 c:\windows\$hf_mig$\KB2653956\SP3QFE\wintrust.dll
+ 2012-02-29 14:08 . 2012-02-29 14:08 148480 c:\windows\$hf_mig$\KB2653956\SP3QFE\imagehlp.dll
+ 2012-06-11 18:19 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2006-03-18 11:09 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
- 2006-03-18 11:09 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2006-03-23 17:32 . 2012-03-01 11:01 5978624 c:\windows\system32\mshtml.dll
- 2009-03-08 09:32 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2009-03-08 09:32 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
+ 2010-05-02 05:22 . 2012-04-11 13:12 1862272 c:\windows\system32\dllcache\win32k.sys
+ 2006-03-18 11:09 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2006-03-18 11:09 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2012-03-06 01:57 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2012-03-06 01:57 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2012-03-06 01:57 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-03-23 17:32 . 2012-03-01 11:01 5978624 c:\windows\system32\dllcache\mshtml.dll
- 2012-03-06 02:19 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-03-06 02:19 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-03-05 19:24 . 2012-05-28 00:51 3211264 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-05 19:24 . 2012-04-26 01:11 3211264 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2012-05-15 14:27 . 2012-02-03 09:22 1860096 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\backup\sp3qfe\win32k.sys
- 2008-04-13 17:31 . 2008-04-13 17:31 2023936 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\backup\sp3qfe\ntkrpamp.exe
- 2012-05-15 14:27 . 2011-10-25 13:37 2148864 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\backup\sp3gdr\ntkrnlmp.exe
+ 2012-06-05 15:55 . 2012-06-05 15:55 1094656 c:\windows\Installer\3f5ac3.msi
+ 2012-06-11 14:08 . 2012-06-11 14:08 5161984 c:\windows\Installer\26d474.msi
+ 2012-06-05 14:26 . 2012-06-05 14:26 2208768 c:\windows\Installer\1bf4ad.msi
+ 2012-06-11 18:47 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2675157-IE8\urlmon.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
+ 2012-06-11 18:47 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2675157-IE8\iertutil.dll
+ 2012-03-06 01:57 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2012-03-06 01:57 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2012-03-06 01:57 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-03-08 09:39 . 2012-03-02 10:01 11082752 c:\windows\system32\ieframe.dll
+ 2012-03-06 02:19 . 2012-03-02 10:01 11082752 c:\windows\system32\dllcache\ieframe.dll
+ 2012-06-11 18:47 . 2011-12-18 19:46 11082240 c:\windows\ie8updates\KB2675157-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-06 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-30 3905920]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-26 335872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2012-3-5 368640]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-06 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-06 136176]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zd1211u(zydas)
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 14:29]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-06 17:05]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-06 17:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Brent & Sharon\Application Data\Mozilla\Firefox\Profiles\paq3kffy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110014&babsrc=HP_ss&mntrId=004087140000000000000014d1a4a8ec
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110014&babsrc=adbartrp&mntrId=004087140000000000000014d1a4a8ec&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-12 16:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,61,77,d7,37,6d,32,4a,82,2a,d8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,61,77,d7,37,6d,32,4a,82,2a,d8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2120)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-06-12 16:57:19
ComboFix-quarantined-files.txt 2012-06-12 20:57
ComboFix2.txt 2012-06-01 21:26
ComboFix3.txt 2012-05-28 00:37
ComboFix4.txt 2012-04-27 14:58
.
Pre-Run: 477,364,793,344 bytes free
Post-Run: 479,210,082,304 bytes free
.
- - End Of File - - 21C5D8C06C40A6FC3153FE8648143C7A



