Combofix for rootkit leaves no internet

Windows XP SP3 machine battled XP Security 2012 pop-ups for a few days with MalwareByte's, Comodo Cleaning. Seemed to have stopped except for constant browser redirects. Hastily ran a few other scanners and then ComboFix which stated deep cleaning for rootkit
and now I have no internet. "Can not renewing your IP address".


Thanks for your help

My OTL txt

OTL logfile created on: 4/10/2012 6:03:52 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 78.45% Memory free
3.81 Gb Paging File | 3.57 Gb Available in Paging File | 93.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 36.51 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive E: | 7.47 Gb Total Space | 7.40 Gb Free Space | 99.08% Space Free | Partition Type: NTFS

Computer Name: PC5 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 17:51:03 | 000,594,432 | ---- | M] (OldTimer Tools) -- E:\OTL.com
PRC - [2009/10/07 15:32:29 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2009/10/23 16:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/17 12:41:22 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006/11/17 12:39:10 | 000,071,232 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonypvu1.dll -- (zpsc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AVCSTRM.dll -- (yukonwxp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58mgmt.dll -- (XAudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HpqRemHid.dll -- (wg5n)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hpn.dll -- (webrootspysweeperservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wdelmgr20.dll -- (wdelmgr20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\partmgr.dll -- (WD_FireWire_HID)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atiavpci.dll -- (W700mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (w39n51)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dot4usb.dll -- (w200mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mi-raysat_3dsmax8.dll -- (vmnetdhcp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USBVCD.dll -- (videoacceleratorengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\StkScan.dll -- (vetefile)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lmimaint.dll -- (vc8secs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adsservice.dll -- (VAIOMediaPlatform-PhotoServer-HTTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avidstartup.dll -- (USIUDF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asc3550.dll -- (useraccess)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EACSys.dll -- (usbaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iomegaaccess.dll -- (UpdateCenterService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\regmanserv.dll -- (Uim_IM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HSXHWBS2.dll -- (tvtnetwk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\regspy.dll -- (toshidpt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stylexphelper.dll -- (TNaviSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcsysmon.dll -- (tiwlnsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VC6SecS.dll -- (tifm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\euq_monitor.dll -- (thinkpadmodemservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iap.dll -- (symndis)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igfx.dll -- (symdns)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bcoreusb.dll -- (SWUMX51)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql12160.dll -- (StkScan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdss.dll -- (statusagent4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caboagp.dll -- (ssscsisv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DgiVecp.dll -- (speedfan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ose.dll -- (speakerphone)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk23.dll -- (spcstb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ggsemc.dll -- (snpstd2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\awecho.dll -- (sndsrvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnemsg.dll -- (SilverLink)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wltrysvc.dll -- (service1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccevtmgr.dll -- (ser2plms)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wacomkey.dll -- (se2Dnd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symwsc.dll -- (SE2Bobex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\InCDsrvR.dll -- (SDdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016bus.dll -- (s3twistr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PNDIS5.dll -- (rmedia)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EL2000.dll -- (qmofiltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W700mdm.dll -- (pwkntmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\papyjoy.dll -- (prtg4service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\itchfltr.dll -- (protectionservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMCAST.dll -- (prohlp02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZTEusbnmea.dll -- (pinnaclemarvinusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\idisw2km.dll -- (pid_0928)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\antivirscheduler.dll -- (penrendezvous)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acdservice.dll -- (pdengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cm102u32.dll -- (pae_avs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sermouse.dll -- (orbmediaservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsRamDsk.dll -- (oracle_load_balancer_60_server-forms6ip9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SlWdmSup.dll -- (NWHOST)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iam.dll -- (MxlW2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\moufiltr.dll -- (MRV6X32P)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websenserealtimeanalyzer.dll -- (mrpostman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NETw3v32.dll -- (MREMP50a64)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RivaTuner32.dll -- (modemcsa)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iomdisk.dll -- (mnsframework)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nsvcip.dll -- (lxrsii1s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bmwebcfg.dll -- (lmouflt2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (KMW_KBD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btwmodem.dll -- (keriomailserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MASPINT.dll -- (irda)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAMCAUD.dll -- (ino_flpy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeantispyware.dll -- (ilicensesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winss.dll -- (igfx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensepolicyserver.dll -- (idebusdr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ati2mtag.dll -- (hclinetd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mrvw245.dll -- (Hardlock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\as32svc.dll -- (GT891x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\icm10blk.dll -- (ghoststartservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cacheserver.dll -- (genmcmn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mysql.dll -- (gemserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AeLookupSvc.dll -- (FTDIBUS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\remoterecord.dll -- (forcewarewebinterface)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rasirda.dll -- (fah@c:+fah+fah-service+fah502-console.exe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ss_bus.dll -- (epson_pm_rpcv4_01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmauthdservice.dll -- (dpc_srv_webcast)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amsint.dll -- (dnsexit)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avfilter.dll -- (dlaboiom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\udfs.dll -- (defwatch)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DirectUpdate.dll -- (dbustrcm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acsvc.dll -- (cyberpowerups)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iwebmsg.dll -- (cwcspud)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftpqueue.dll -- (CTEAPSFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ARSVC.dll -- (clientservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CADlink.dll -- (cacheserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slservice.dll -- (cachemgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctxhttp.dll -- (atiavpci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nv4.dll -- (ASNDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SiSRaid.dll -- (AmdLLD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a8djavs.dll -- (amdagp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmauthdservice.dll -- (acedrv07)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcrdsvc.dll -- (3compxe)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/08/17 13:55:58 | 000,096,128 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ati.dll -- (OracleOraHome92ClientCache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011/08/17 23:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2010/04/24 18:41:22 | 001,145,456 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/04/22 16:45:42 | 000,061,040 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/07/01 10:27:44 | 000,108,800 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/03/01 17:27:00 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/13 18:16:36 | 000,081,664 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/12/18 02:58:26 | 000,028,005 | R--- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
DRV - [2004/08/11 16:39:38 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{9B8674D5-B6FD-4FBE-A1DF-62105DCA4888}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPT&o=102880&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=6H&apn_dtid=YYYYYYYYAU&apn_uid=3513484B-4720-4175-A81C-2945E084D5D0&apn_sauid=13D5DD98-153B-46F6-AEAB-64335426FF38
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.2.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2CF1AF18-7EE2-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\User.PC5\Local Settings\Application Data\{2CF1AF18-7EE2-11E1-826D-B8AC6F996F26}\ [2012/04/05 16:11:32 | 000,000,000 | ---D | M]

[2009/06/01 10:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.PC5\Application Data\Mozilla\Extensions
[2012/04/04 16:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.PC5\Application Data\Mozilla\Firefox\Profiles\lh80uiqi.default\extensions
[2010/06/28 08:13:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User.PC5\Application Data\Mozilla\Firefox\Profiles\lh80uiqi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\User.PC5\Application Data\Mozilla\Firefox\Profiles\lh80uiqi.default\searchplugins\askcom.xml
[2011/01/17 13:41:26 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\User.PC5\Application Data\Mozilla\Firefox\Profiles\lh80uiqi.default\searchplugins\conduit.xml
[2011/09/26 16:52:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/10 16:18:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180495781406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{152C5DE0-49F8-42CD-8F7A-648BB8216CD9}: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/01 09:52:02 | 000,000,036 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: pae_avs - %systemroot%\system32\cm102u32.dll File not found
NetSvcs: w39n51 - %systemroot%\system32\kpfwsvc.dll File not found
NetSvcs: videoacceleratorengine - %systemroot%\system32\USBVCD.dll File not found
NetSvcs: mnsframework - %systemroot%\system32\iomdisk.dll File not found
NetSvcs: sndsrvc - %systemroot%\system32\awecho.dll File not found
NetSvcs: fah@c:+fah+fah-service+fah502-console.exe - %systemroot%\system32\rasirda.dll File not found
NetSvcs: hclinetd - %systemroot%\system32\ati2mtag.dll File not found
NetSvcs: s3twistr - %systemroot%\system32\a016bus.dll File not found
NetSvcs: zpsc - %systemroot%\system32\sonypvu1.dll File not found
NetSvcs: mrpostman - %systemroot%\system32\websenserealtimeanalyzer.dll File not found
NetSvcs: ilicensesvc - %systemroot%\system32\mcafeeantispyware.dll File not found
NetSvcs: usbaudio - %systemroot%\system32\EACSys.dll File not found
NetSvcs: dlaboiom - %systemroot%\system32\avfilter.dll File not found
NetSvcs: vc8secs - %systemroot%\system32\lmimaint.dll File not found
NetSvcs: webrootspysweeperservice - %systemroot%\system32\hpn.dll File not found
NetSvcs: speedfan - %systemroot%\system32\DgiVecp.dll File not found
NetSvcs: tiwlnsvc - %systemroot%\system32\mcsysmon.dll File not found
NetSvcs: acedrv07 - %systemroot%\system32\vmauthdservice.dll File not found
NetSvcs: protectionservice - %systemroot%\system32\itchfltr.dll File not found
NetSvcs: lxrsii1s - %systemroot%\system32\nsvcip.dll File not found
NetSvcs: W700mdm - %systemroot%\system32\atiavpci.dll File not found
NetSvcs: cyberpowerups - %systemroot%\system32\acsvc.dll File not found
NetSvcs: rmedia - %systemroot%\system32\PNDIS5.dll File not found
NetSvcs: clientservice - %systemroot%\system32\ARSVC.dll File not found
NetSvcs: yukonwxp - %systemroot%\system32\AVCSTRM.dll File not found
NetSvcs: MREMP50a64 - %systemroot%\system32\NETw3v32.dll File not found
NetSvcs: USIUDF - %systemroot%\system32\avidstartup.dll File not found
NetSvcs: thinkpadmodemservice - %systemroot%\system32\euq_monitor.dll File not found
NetSvcs: MRV6X32P - %systemroot%\system32\moufiltr.dll File not found
NetSvcs: wg5n - %systemroot%\system32\HpqRemHid.dll File not found
NetSvcs: igfx - %systemroot%\system32\winss.dll File not found
NetSvcs: Hardlock - %systemroot%\system32\mrvw245.dll File not found
NetSvcs: ser2plms - %systemroot%\system32\ccevtmgr.dll File not found
NetSvcs: ino_flpy - %systemroot%\system32\CAMCAUD.dll File not found
NetSvcs: dpc_srv_webcast - %systemroot%\system32\vmauthdservice.dll File not found
NetSvcs: StkScan - %systemroot%\system32\ql12160.dll File not found
NetSvcs: KMW_KBD - %systemroot%\system32\carboniteservice.dll File not found
NetSvcs: SWUMX51 - %systemroot%\system32\bcoreusb.dll File not found
NetSvcs: MxlW2k - %systemroot%\system32\iam.dll File not found
NetSvcs: dnsexit - %systemroot%\system32\amsint.dll File not found
NetSvcs: symdns - %systemroot%\system32\igfx.dll File not found
NetSvcs: irda - %systemroot%\system32\MASPINT.dll File not found
NetSvcs: SE2Bobex - %systemroot%\system32\symwsc.dll File not found
NetSvcs: wdelmgr20 - %systemroot%\system32\wdelmgr20.dll File not found
NetSvcs: lmouflt2 - %systemroot%\system32\bmwebcfg.dll File not found
NetSvcs: se2Dnd5 - %systemroot%\system32\wacomkey.dll File not found
NetSvcs: cwcspud - %systemroot%\system32\iwebmsg.dll File not found
NetSvcs: prohlp02 - %systemroot%\system32\RMCAST.dll File not found
NetSvcs: forcewarewebinterface - %systemroot%\system32\remoterecord.dll File not found
NetSvcs: dlcq_device - File not found
NetSvcs: niorbk - File not found
NetSvcs: vserial - File not found
NetSvcs: cachemgr - %systemroot%\system32\slservice.dll File not found
NetSvcs: cacheserver - %systemroot%\system32\CADlink.dll File not found
NetSvcs: oracle_load_balancer_60_server-forms6ip9 - %systemroot%\system32\fsRamDsk.dll File not found
NetSvcs: orbmediaservice - %systemroot%\system32\sermouse.dll File not found
NetSvcs: spcstb - %systemroot%\system32\PSSdk23.dll File not found
NetSvcs: w200mdfl - %systemroot%\system32\dot4usb.dll File not found
NetSvcs: Uim_IM - %systemroot%\system32\regmanserv.dll File not found
NetSvcs: TNaviSrv - %systemroot%\system32\stylexphelper.dll File not found
NetSvcs: FTDIBUS - %systemroot%\system32\AeLookupSvc.dll File not found
NetSvcs: tvtnetwk - %systemroot%\system32\HSXHWBS2.dll File not found
NetSvcs: amdagp - %systemroot%\system32\a8djavs.dll File not found
NetSvcs: gemserv - %systemroot%\system32\mysql.dll File not found
NetSvcs: RapiMgr - File not found
NetSvcs: service1 - %systemroot%\system32\wltrysvc.dll File not found
NetSvcs: atiavpci - %systemroot%\system32\ctxhttp.dll File not found
NetSvcs: GT891x - %systemroot%\system32\as32svc.dll File not found
NetSvcs: ssscsisv - %systemroot%\system32\caboagp.dll File not found
NetSvcs: idebusdr - %systemroot%\system32\websensepolicyserver.dll File not found
NetSvcs: ASNDIS5 - %systemroot%\system32\nv4.dll File not found
NetSvcs: SDdriver - %systemroot%\system32\InCDsrvR.dll File not found
NetSvcs: penrendezvous - %systemroot%\system32\antivirscheduler.dll File not found
NetSvcs: toshidpt - %systemroot%\system32\regspy.dll File not found
NetSvcs: keriomailserver - %systemroot%\system32\btwmodem.dll File not found
NetSvcs: pdengine - %systemroot%\system32\acdservice.dll File not found
NetSvcs: SilverLink - %systemroot%\system32\pdlnemsg.dll File not found
NetSvcs: CTEAPSFX.DLL - %systemroot%\system32\ftpqueue.dll File not found
NetSvcs: tifm - %systemroot%\system32\VC6SecS.dll File not found
NetSvcs: 3compxe - %systemroot%\system32\mcrdsvc.dll File not found
NetSvcs: pid_0928 - %systemroot%\system32\idisw2km.dll File not found
NetSvcs: XAudio - %systemroot%\system32\se58mgmt.dll File not found
NetSvcs: modemcsa - %systemroot%\system32\RivaTuner32.dll File not found
NetSvcs: vmnetdhcp - %systemroot%\system32\mi-raysat_3dsmax8.dll File not found
NetSvcs: VAIOMediaPlatform-PhotoServer-HTTP - %systemroot%\system32\adsservice.dll File not found
NetSvcs: UpdateCenterService - %systemroot%\system32\iomegaaccess.dll File not found
NetSvcs: qmofiltr - %systemroot%\system32\EL2000.dll File not found
NetSvcs: useraccess - %systemroot%\system32\asc3550.dll File not found
NetSvcs: vetefile - %systemroot%\system32\StkScan.dll File not found
NetSvcs: statusagent4 - %systemroot%\system32\bdss.dll File not found
NetSvcs: snpstd2 - %systemroot%\system32\ggsemc.dll File not found
NetSvcs: symndis - %systemroot%\system32\iap.dll File not found
NetSvcs: pwkntmon - %systemroot%\system32\W700mdm.dll File not found
NetSvcs: epson_pm_rpcv4_01 - %systemroot%\system32\ss_bus.dll File not found
NetSvcs: dbustrcm - %systemroot%\system32\DirectUpdate.dll File not found
NetSvcs: NWHOST - %systemroot%\system32\SlWdmSup.dll File not found
NetSvcs: prtg4service - %systemroot%\system32\papyjoy.dll File not found
NetSvcs: OracleOraHome92ClientCache - C:\WINDOWS\system32\ati.dll (Microsoft Corporation)
NetSvcs: speakerphone - %systemroot%\system32\ose.dll File not found
NetSvcs: genmcmn - %systemroot%\system32\cacheserver.dll File not found
NetSvcs: WD_FireWire_HID - %systemroot%\system32\partmgr.dll File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AFD - C:\WINDOWS\system32\drivers\afd.sys ()
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 15:56:18 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2012/04/10 15:56:18 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2012/04/10 15:56:17 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2012/04/10 15:56:17 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2012/04/05 16:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.PC5\Local Settings\Application Data\{2CF1AF18-7EE2-11E1-826D-B8AC6F996F26}
[2012/04/05 15:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{2CF1AF18-7EE2-11E1-826D-B8AC6F996F26}
[2012/04/04 15:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2012/04/04 15:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/04 15:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.PC5\Local Settings\Application Data\AskToolbar
[2012/04/04 15:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/04/02 17:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/04/02 17:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/04/02 16:14:38 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012/03/30 05:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/03/30 05:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2012/03/30 05:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
[2012/03/30 05:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2012/03/17 10:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/03/17 06:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/03/16 20:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/03/16 19:43:24 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2012/03/16 19:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/03/16 14:12:37 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2012/03/16 14:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.PC5\Application Data\Uquk
[2012/03/16 14:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.PC5\Application Data\Elxiwib
[2012/03/16 05:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/03/13 17:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/13 17:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 17:50:31 | 000,000,138 | ---- | M] () -- C:\WINDOWS\scwinpro_2006.ini
[2012/04/10 17:40:40 | 000,002,167 | ---- | M] () -- C:\WINDOWS\scrcsdll_2006.ini
[2012/04/10 17:40:17 | 000,476,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/10 17:40:17 | 000,085,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/10 17:36:02 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/10 17:35:53 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/04/10 17:35:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/10 17:24:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1924813122-3985655524-3102033309-1010UA.job
[2012/04/10 17:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/04/10 16:28:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1924813122-3985655524-3102033309-1010Core1cd03fec1d53bc.job
[2012/04/10 16:18:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/10 15:46:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/10 15:07:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/04/10 14:07:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/04/10 13:38:32 | 000,182,784 | ---- | M] () -- C:\Documents and Settings\User.PC5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/10 13:38:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/10 13:27:52 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/10 13:07:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/04/10 12:07:05 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/04/10 11:42:54 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/04/10 11:42:54 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/04/10 11:42:54 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/04/10 11:42:54 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/04/10 07:07:05 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/04/10 06:10:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2012/04/10 06:07:09 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/04/10 03:06:35 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ccebak
[2012/04/05 19:19:10 | 000,002,808 | ---- | M] () -- C:\WINDOWS\scredpos_2006.INI
[2012/04/05 19:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/04/05 18:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/04/05 05:07:05 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/04/05 04:07:04 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/04/05 03:37:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/04/05 03:37:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/04/05 03:37:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2012/04/05 03:37:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/04/05 03:37:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/04/05 03:37:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/04/05 03:37:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/05 03:37:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/04/04 16:07:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 10:36:41 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/04/03 03:05:40 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\User.PC5\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/03 03:05:39 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\User.PC5\Desktop\Google Chrome.lnk
[2012/04/02 17:38:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/04/02 16:14:40 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012/03/30 09:04:22 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cE6514.dat
[2012/03/20 07:52:48 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012/03/13 13:26:01 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/10 15:44:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/10 15:44:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/02 17:38:32 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/04/02 17:34:48 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/04/02 17:15:52 | 000,119,296 | ---- | C] () -- C:\WINDOWS\Fonts\tQemmcR5.com
[2012/03/30 05:58:38 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cE6514.dat
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012/03/30 05:58:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012/03/17 15:23:12 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1924813122-3985655524-3102033309-1010Core1cd03fec1d53bc.job
[2012/03/13 18:16:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/13 17:52:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/23 20:20:13 | 000,015,322 | -HS- | C] () -- C:\Documents and Settings\User.PC5\Local Settings\Application Data\p33ug38ghln0t80dqi6hnlpa51873nrhw
[2011/12/23 20:20:13 | 000,015,322 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p33ug38ghln0t80dqi6hnlpa51873nrhw
[2011/12/23 20:03:44 | 000,015,448 | -HS- | C] () -- C:\Documents and Settings\User.PC5\Local Settings\Application Data\4k23500vb53
[2011/12/23 20:03:44 | 000,015,448 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4k23500vb53
[2011/12/06 11:40:10 | 000,015,470 | -HS- | C] () -- C:\Documents and Settings\User.PC5\Local Settings\Application Data\1ooc67jqi3h5e1
[2011/12/06 11:40:10 | 000,015,470 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1ooc67jqi3h5e1
[2010/10/20 10:03:54 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2010/10/20 10:03:54 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/10/20 10:03:45 | 000,982,224 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/10/20 10:03:45 | 000,439,336 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/09/19 18:26:37 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/03/03 17:40:39 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2009/05/29 11:29:20 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/05/29 11:29:29 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2009/05/29 11:29:31 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/11/08 10:36:15 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/04/04 15:54:43 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2012/04/04 15:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2012/04/10 16:07:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/05/29 17:39:31 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/05/29 11:30:32 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/07/01 10:03:17 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink DVD Solution
[2009/05/29 11:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\DEWR
[2009/07/09 10:06:19 | 000,000,000 | ---D | M] -- C:\Program Files\E-Zsoft
[2011/12/07 07:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Emsisoft HiJackFree
[2009/07/09 10:10:02 | 000,000,000 | ---D | M] -- C:\Program Files\HandBrake
[2010/02/09 17:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\HMJoin
[2009/05/29 11:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2012/03/03 17:46:36 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/20 10:04:15 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/10/17 04:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/02/07 20:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/02/07 20:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/09/26 16:52:44 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/03/12 18:00:03 | 000,000,000 | ---D | M] -- C:\Program Files\JDownloader
[2009/05/29 11:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\Kyocera
[2012/04/10 17:34:13 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/29 11:31:16 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/05/29 11:31:17 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/05/29 17:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/09/26 16:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/10/17 05:03:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/05/29 17:39:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/05/29 11:32:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/05/29 11:32:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 03:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/04/10 17:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/05/29 11:32:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/05/29 17:39:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/05/29 11:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/05/29 11:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/05/29 17:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/05/29 11:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/05/29 11:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/01/17 02:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/05/29 11:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\PDFCreator
[2011/09/26 16:41:48 | 000,000,000 | ---D | M] -- C:\Program Files\PlaySushi
[2011/02/07 20:37:35 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/10/07 15:32:30 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2011/01/07 16:56:31 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/05/29 11:32:54 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/10/22 20:10:53 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw VP
[2010/08/06 17:51:55 | 000,000,000 | ---D | M] -- C:\Program Files\Software Informer
[2010/06/18 19:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2009/05/29 17:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/08/06 18:50:58 | 000,000,000 | ---D | M] -- C:\Program Files\TSofts
[2009/05/29 17:38:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/04/04 15:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2011/01/07 17:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2010/03/24 17:21:17 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/05/29 17:38:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/05/29 11:33:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/05/29 11:33:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/05/29 17:56:36 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/05/29 11:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011/07/14 20:35:10 | 000,000,000 | ---D | M] -- C:\Program Files\Xenocode
[2009/05/29 17:38:44 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/05/29 11:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\XP Codec Pack
[2010/09/18 08:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< MD5 for: AGP440.SYS >
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Source\I386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Source\I386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Source\I386\sp2.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-13 18:47:01

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/27 12:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/27 12:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/27 12:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/27 12:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 21:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 21:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 21:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/27 12:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/27 12:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/27 12:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/27 12:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 21:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 21:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 21:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >

OTL Extras logfile created on: 4/10/2012 6:03:52 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 78.45% Memory free
3.81 Gb Paging File | 3.57 Gb Available in Paging File | 93.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 36.51 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive E: | 7.47 Gb Total Space | 7.40 Gb Free Space | 99.08% Space Free | Partition Type: NTFS

Computer Name: PC5 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{31DF02DC-B2BF-498B-B3BA-A0AA708D7F13}" = HMJoin Setup
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"HandBrake" = HandBrake 0.9.3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP PSC 1400 series_Driver" = HP PSC 1400 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Product_Name" = SmartSuite 2008
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"Software Informer_is1" = Software Informer 1.0 BETA
"SopCast" = SopCast 3.2.9
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2012 2:18:24 AM | Computer Name = PC5 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/10/2012 2:37:47 AM | Computer Name = PC5 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/10/2012 2:41:49 AM | Computer Name = PC5 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/10/2012 2:47:21 AM | Computer Name = PC5 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/10/2012 2:50:59 AM | Computer Name = PC5 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/10/2012 2:58:23 AM | Computer Name = PC5 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/10/2012 3:19:16 AM | Computer Name = PC5 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/10/2012 3:23:57 AM | Computer Name = PC5 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/10/2012 3:31:01 AM | Computer Name = PC5 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/10/2012 3:35:50 AM | Computer Name = PC5 | Source = JavaQuickStarterService | ID = 1
Description =

[ OSession Events ]
Error - 1/15/2009 1:37:03 AM | Computer Name = PC5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15729
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/18/2009 3:33:10 AM | Computer Name = PC5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2009 3:33:18 AM | Computer Name = PC5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2009 3:33:24 AM | Computer Name = PC5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2009 3:33:35 AM | Computer Name = PC5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2009 3:25:44 AM | Computer Name = PC5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2009 3:25:53 AM | Computer Name = PC5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/21/2011 7:46:46 PM | Computer Name = PC5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1428
seconds with 540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/10/2012 3:35:54 AM | Computer Name = PC5 | Source = Service Control Manager | ID = 7023
Description = The Pxfhmdfl service terminated with the following error: %%126

Error - 4/10/2012 3:35:54 AM | Computer Name = PC5 | Source = Service Control Manager | ID = 7023
Description = The Mcafeeantispyware service terminated with the following error:
%%126

Error - 4/10/2012 3:35:54 AM | Computer Name = PC5 | Source = Service Control Manager | ID = 7023
Description = The Ozoneinstallerservice service terminated with the following error:
%%126

Error - 4/10/2012 3:35:54 AM | Computer Name = PC5 | Source = Service Control Manager | ID = 7023
Description = The GENERICDRV service terminated with the following error: %%126

Error - 4/10/2012 3:35:54 AM | Computer Name = PC5 | Source = Service Control Manager | ID = 7023
Description = The ROCKEYNT service terminated with the following error: %%126

Error - 4/10/2012 3:35:54 AM | Computer Name = PC5 | Source = Service Control Manager | ID = 7023
Description = The Sntnlusb service terminated with the following error: %%126

Error - 4/10/2012 3:35:54 AM | Computer Name = PC5 | Source = Service Control Manager | ID = 7023
Description = The SE27mdfl service terminated with the following error: %%126

Error - 4/10/2012 3:35:54 AM | Computer Name = PC5 | Source = Service Control Manager | ID = 7023
Description = The Resourcemanagermail service terminated with the following error:
%%126

Error - 4/10/2012 3:35:54 AM | Computer Name = PC5 | Source = Service Control Manager | ID = 7023
Description = The Parallel service terminated with the following error: %%126

Error - 4/10/2012 3:35:54 AM | Computer Name = PC5 | Source = Service Control Manager | ID = 7023
Description = The Openvpnservice service terminated with the following error: %%126


< End of report >

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 18:12:22
-----------------------------
18:12:22.046 OS Version: Windows 5.1.2600 Service Pack 3
18:12:22.046 Number of processors: 2 586 0xF0D
18:12:22.046 ComputerName: PC5 UserName:
18:12:22.734 Initialize success
18:12:37.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:12:37.296 Disk 0 Vendor: ST3160815AS 4.AAB Size: 152627MB BusType: 3
18:12:37.296 Device \Driver\atapi -> DriverStartIo 8a5c52c6
18:12:37.312 Disk 0 MBR read successfully
18:12:37.312 Disk 0 MBR scan
18:12:37.312 Disk 0 TDL4@MBR code has been found
18:12:37.312 Disk 0 MBR hidden
18:12:37.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
18:12:37.312 Disk 0 MBR [TDL4] **ROOTKIT**
18:12:37.312 Disk 0 trace - called modules:
18:12:37.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a5c549f]<<
18:12:37.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8caab8]
18:12:37.312 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a89f9e8]
18:12:37.312 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a89fd98]
18:12:37.328 \Driver\atapi[0x8a8533c8] -> IRP_MJ_CREATE -> 0x8a5c549f
18:12:37.328 Scan finished successfully
18:13:28.015 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
18:13:28.015 The log file has been saved successfully to "E:\aswMBR.txt"

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 26
Java(TM) 6 Update 6
Java version out of date!
Adobe Flash Player 10.2.152.26 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````


Thanks

Please download TDSSKiller from here and save it to your Desktop.

• Doubleclick TDSSKiller.exe to run the tool
  
• Choose Change Parameters and make sure all the options are checked
  
• Click the Start Scan button
  
• After the scan has finished, click the Close button
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory.

====================



Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click PCHelpForum.exe to run it.
  
  You will see the following image:
  
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:





As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.





Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Thanks Pancake

My TDSS report


12:39:35.0421 2584 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
12:39:35.0468 2584 ============================================================
12:39:35.0468 2584 Current date / time: 2012/04/11 12:39:35.0468
12:39:35.0468 2584 SystemInfo:
12:39:35.0468 2584
12:39:35.0468 2584 OS Version: 5.1.2600 ServicePack: 3.0
12:39:35.0468 2584 Product type: Workstation
12:39:35.0468 2584 ComputerName: PC5
12:39:35.0468 2584 UserName: User
12:39:35.0468 2584 Windows directory: C:\WINDOWS
12:39:35.0468 2584 System windows directory: C:\WINDOWS
12:39:35.0468 2584 Processor architecture: Intel x86
12:39:35.0468 2584 Number of processors: 2
12:39:35.0468 2584 Page size: 0x1000
12:39:35.0468 2584 Boot type: Normal boot
12:39:35.0468 2584 ============================================================
12:39:36.0843 2584 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:39:36.0843 2584 Drive \Device\Harddisk1\DR2 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:39:36.0843 2584 \Device\Harddisk0\DR0:
12:39:36.0843 2584 MBR used
12:39:36.0843 2584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
12:39:36.0843 2584 \Device\Harddisk1\DR2:
12:39:36.0843 2584 MBR used
12:39:36.0843 2584 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x8C8, BlocksNum 0xEEF738
12:39:37.0093 2584 Initialize success
12:39:37.0093 2584 ============================================================
12:39:57.0187 2760 ============================================================
12:39:57.0187 2760 Scan started
12:39:57.0187 2760 Mode: Manual; SigCheck; TDLFS;
12:39:57.0187 2760 ============================================================
12:39:57.0359 2760 3compxe - ok
12:39:57.0390 2760 Abiosdsk - ok
12:39:57.0421 2760 abp480n5 - ok
12:39:57.0484 2760 acedrv07 - ok
12:39:57.0531 2760 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:39:59.0765 2760 ACPI - ok
12:39:59.0859 2760 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:40:00.0015 2760 ACPIEC - ok
12:40:00.0062 2760 adpu160m - ok
12:40:00.0109 2760 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:40:00.0218 2760 aec - ok
12:40:00.0250 2760 AFD (c1912c79364e1454d85817449c1222fe) C:\WINDOWS\System32\drivers\afd.sys
12:40:00.0250 2760 AFD ( Virus.Win32.ZAccess.k ) - infected
12:40:00.0250 2760 AFD - detected Virus.Win32.ZAccess.k (0)
12:40:00.0265 2760 Aha154x - ok
12:40:00.0281 2760 aic78u2 - ok
12:40:00.0296 2760 aic78xx - ok
12:40:00.0343 2760 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:40:00.0468 2760 Alerter - ok
12:40:00.0484 2760 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:40:00.0546 2760 ALG - ok
12:40:00.0593 2760 AliIde - ok
12:40:00.0609 2760 amdagp - ok
12:40:00.0625 2760 AmdLLD - ok
12:40:00.0640 2760 amsint - ok
12:40:00.0765 2760 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:40:00.0781 2760 Apple Mobile Device - ok
12:40:00.0859 2760 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:40:00.0953 2760 AppMgmt - ok
12:40:01.0015 2760 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:40:01.0125 2760 Arp1394 - ok
12:40:01.0140 2760 asc - ok
12:40:01.0156 2760 asc3350p - ok
12:40:01.0171 2760 asc3550 - ok
12:40:01.0187 2760 ASNDIS5 - ok
12:40:01.0250 2760 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:40:01.0281 2760 aspnet_state - ok
12:40:01.0375 2760 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:40:01.0484 2760 AsyncMac - ok
12:40:01.0515 2760 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:40:01.0640 2760 atapi - ok
12:40:01.0656 2760 Atdisk - ok
12:40:01.0656 2760 atiavpci - ok
12:40:01.0718 2760 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:40:01.0843 2760 Atmarpc - ok
12:40:01.0875 2760 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:40:02.0000 2760 AudioSrv - ok
12:40:02.0062 2760 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:40:02.0171 2760 audstub - ok
12:40:02.0218 2760 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:40:02.0328 2760 Beep - ok
12:40:02.0421 2760 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:40:02.0593 2760 BITS - ok
12:40:02.0703 2760 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:40:02.0812 2760 Browser - ok
12:40:02.0812 2760 cachemgr - ok
12:40:02.0843 2760 cacheserver - ok
12:40:02.0843 2760 catchme - ok
12:40:02.0906 2760 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:40:03.0031 2760 cbidf2k - ok
12:40:03.0062 2760 cd20xrnt - ok
12:40:03.0078 2760 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:40:03.0187 2760 Cdaudio - ok
12:40:03.0218 2760 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:40:03.0328 2760 Cdfs - ok
12:40:03.0359 2760 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:40:03.0468 2760 Cdrom - ok
12:40:03.0484 2760 Changer - ok
12:40:03.0531 2760 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:40:03.0656 2760 CiSvc - ok
12:40:03.0656 2760 clientservice - ok
12:40:03.0718 2760 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:40:03.0828 2760 ClipSrv - ok
12:40:03.0906 2760 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:40:03.0968 2760 clr_optimization_v2.0.50727_32 - ok
12:40:04.0000 2760 CmdIde - ok
12:40:04.0015 2760 COMSysApp - ok
12:40:04.0031 2760 Cpqarray - ok
12:40:04.0093 2760 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:40:04.0218 2760 CryptSvc - ok
12:40:04.0234 2760 CTEAPSFX.DLL - ok
12:40:04.0250 2760 cwcspud - ok
12:40:04.0265 2760 cyberpowerups - ok
12:40:04.0281 2760 dac2w2k - ok
12:40:04.0296 2760 dac960nt - ok
12:40:04.0296 2760 dbustrcm - ok
12:40:04.0359 2760 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:40:04.0421 2760 DcomLaunch - ok
12:40:04.0484 2760 defwatch - ok
12:40:04.0546 2760 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
12:40:04.0562 2760 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
12:40:04.0562 2760 DgiVecp - detected UnsignedFile.Multi.Generic (1)
12:40:04.0640 2760 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:40:04.0750 2760 Dhcp - ok
12:40:04.0781 2760 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:40:04.0875 2760 Disk - ok
12:40:04.0890 2760 dlaboiom - ok
12:40:04.0906 2760 dmadmin - ok
12:40:05.0000 2760 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:40:05.0140 2760 dmboot - ok
12:40:05.0218 2760 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:40:05.0343 2760 dmio - ok
12:40:05.0375 2760 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:40:05.0468 2760 dmload - ok
12:40:05.0531 2760 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:40:05.0640 2760 dmserver - ok
12:40:05.0718 2760 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:40:05.0812 2760 DMusic - ok
12:40:05.0890 2760 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:40:06.0031 2760 Dnscache - ok
12:40:06.0078 2760 dnsexit - ok
12:40:06.0140 2760 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:40:06.0234 2760 Dot3svc - ok
12:40:06.0250 2760 dpc_srv_webcast - ok
12:40:06.0281 2760 dpti2o - ok
12:40:06.0328 2760 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:40:06.0421 2760 drmkaud - ok
12:40:06.0453 2760 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:40:06.0562 2760 EapHost - ok
12:40:06.0640 2760 ENETHUSB (8c3f3914f1c1e3e3ffe77190a4c9d735) C:\WINDOWS\system32\DRIVERS\enethusb.sys
12:40:06.0656 2760 ENETHUSB - ok
12:40:06.0703 2760 epson_pm_rpcv4_01 - ok
12:40:06.0750 2760 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:40:06.0875 2760 ERSvc - ok
12:40:06.0937 2760 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:40:06.0968 2760 Eventlog - ok
12:40:07.0046 2760 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:40:07.0093 2760 EventSystem - ok
12:40:07.0109 2760 fah@c:+fah+fah-service+fah502-console.exe - ok
12:40:07.0171 2760 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:40:07.0281 2760 Fastfat - ok
12:40:07.0328 2760 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:40:07.0421 2760 FastUserSwitchingCompatibility - ok
12:40:07.0500 2760 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:40:07.0609 2760 Fdc - ok
12:40:07.0656 2760 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:40:07.0765 2760 Fips - ok
12:40:07.0781 2760 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:40:07.0875 2760 Flpydisk - ok
12:40:07.0953 2760 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:40:08.0046 2760 FltMgr - ok
12:40:08.0187 2760 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:40:08.0203 2760 FontCache3.0.0.0 - ok
12:40:08.0234 2760 forcewarewebinterface - ok
12:40:08.0296 2760 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:40:08.0406 2760 Fs_Rec - ok
12:40:08.0453 2760 FTDIBUS - ok
12:40:08.0468 2760 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:40:08.0578 2760 Ftdisk - ok
12:40:08.0625 2760 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:40:08.0625 2760 GEARAspiWDM - ok
12:40:08.0640 2760 gemserv - ok
12:40:08.0640 2760 genmcmn - ok
12:40:08.0656 2760 ghoststartservice - ok
12:40:08.0656 2760 GMSIPCI - ok
12:40:08.0718 2760 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:40:08.0828 2760 Gpc - ok
12:40:08.0843 2760 GT891x - ok
12:40:08.0875 2760 Hardlock - ok
12:40:08.0875 2760 hclinetd - ok
12:40:08.0937 2760 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:40:09.0046 2760 HDAudBus - ok
12:40:09.0140 2760 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:40:09.0265 2760 helpsvc - ok
12:40:09.0328 2760 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:40:09.0421 2760 HidServ - ok
12:40:09.0484 2760 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:40:09.0593 2760 HidUsb - ok
12:40:09.0687 2760 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:40:09.0781 2760 hkmsvc - ok
12:40:09.0812 2760 hpn - ok
12:40:09.0859 2760 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:40:09.0937 2760 HPZid412 - ok
12:40:09.0984 2760 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:40:10.0062 2760 HPZipr12 - ok
12:40:10.0062 2760 HPZius12 - ok
12:40:10.0140 2760 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:40:10.0171 2760 HTTP - ok
12:40:10.0218 2760 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:40:10.0343 2760 HTTPFilter - ok
12:40:10.0359 2760 i2omgmt - ok
12:40:10.0375 2760 i2omp - ok
12:40:10.0421 2760 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:40:10.0546 2760 i8042prt - ok
12:40:10.0640 2760 ialm (0a50599e2afecc2142329bdd7a137463) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:40:10.0796 2760 ialm - ok
12:40:10.0843 2760 idebusdr - ok
12:40:10.0937 2760 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:40:11.0046 2760 idsvc - ok
12:40:11.0078 2760 igfx - ok
12:40:11.0093 2760 ilicensesvc - ok
12:40:11.0156 2760 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:40:11.0265 2760 Imapi - ok
12:40:11.0328 2760 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:40:11.0437 2760 ImapiService - ok
12:40:11.0468 2760 ini910u - ok
12:40:11.0484 2760 ino_flpy - ok
12:40:11.0640 2760 IntcAzAudAddService (41ef008d7b089ce6f5f2e4a61d5638e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:40:11.0937 2760 IntcAzAudAddService - ok
12:40:12.0046 2760 IntelIde - ok
12:40:12.0093 2760 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:40:12.0187 2760 intelppm - ok
12:40:12.0203 2760 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:40:12.0312 2760 Ip6Fw - ok
12:40:12.0359 2760 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:40:12.0484 2760 IpFilterDriver - ok
12:40:12.0515 2760 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:40:12.0609 2760 IpInIp - ok
12:40:12.0671 2760 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:40:12.0781 2760 IpNat - ok
12:40:12.0875 2760 iPod Service (8e5e5a8cc84da3f683e3bbc045138d52) C:\Program Files\iPod\bin\iPodService.exe
12:40:12.0906 2760 iPod Service - ok
12:40:13.0015 2760 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:40:13.0171 2760 IPSec - ok
12:40:13.0218 2760 irda - ok
12:40:13.0281 2760 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:40:13.0328 2760 IRENUM - ok
12:40:13.0421 2760 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:40:13.0531 2760 isapnp - ok
12:40:13.0687 2760 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
12:40:13.0734 2760 JavaQuickStarterService - ok
12:40:13.0843 2760 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:40:13.0953 2760 Kbdclass - ok
12:40:14.0031 2760 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:40:14.0156 2760 kbdhid - ok
12:40:14.0187 2760 keriomailserver - ok
12:40:14.0234 2760 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:40:14.0328 2760 kmixer - ok
12:40:14.0328 2760 KMW_KBD - ok
12:40:14.0406 2760 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:40:14.0468 2760 KSecDD - ok
12:40:14.0562 2760 L1c (31ea3f3219abdd2a6ee0969cb3dc54e6) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
12:40:14.0578 2760 L1c - ok
12:40:14.0671 2760 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:40:14.0750 2760 lanmanserver - ok
12:40:14.0843 2760 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:40:14.0906 2760 lanmanworkstation - ok
12:40:14.0968 2760 lbrtfdc - ok
12:40:15.0031 2760 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:40:15.0140 2760 LmHosts - ok
12:40:15.0156 2760 lmouflt2 - ok
12:40:15.0171 2760 lxrsii1s - ok
12:40:15.0265 2760 McAfeeFramework (1bc1a6b644d4cc1964cd851e92b604f4) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
12:40:15.0281 2760 McAfeeFramework - ok
12:40:15.0359 2760 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
12:40:15.0390 2760 MDM ( UnsignedFile.Multi.Generic ) - warning
12:40:15.0390 2760 MDM - detected UnsignedFile.Multi.Generic (1)
12:40:15.0468 2760 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:40:15.0562 2760 Messenger - ok
12:40:15.0625 2760 mferkdk - ok
12:40:15.0718 2760 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:40:15.0828 2760 mnmdd - ok
12:40:15.0890 2760 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:40:15.0984 2760 mnmsrvc - ok
12:40:16.0015 2760 mnsframework - ok
12:40:16.0078 2760 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:40:16.0187 2760 Modem - ok
12:40:16.0203 2760 modemcsa - ok
12:40:16.0265 2760 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:40:16.0375 2760 Mouclass - ok
12:40:16.0406 2760 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:40:16.0515 2760 mouhid - ok
12:40:16.0593 2760 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:40:16.0718 2760 MountMgr - ok
12:40:16.0734 2760 mraid35x - ok
12:40:16.0734 2760 MREMP50a64 - ok
12:40:16.0750 2760 mrpostman - ok
12:40:16.0765 2760 MRV6X32P - ok
12:40:16.0828 2760 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:40:16.0921 2760 MRxDAV - ok
12:40:16.0968 2760 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:40:17.0062 2760 MRxSmb - ok
12:40:17.0093 2760 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:40:17.0203 2760 MSDTC - ok
12:40:17.0265 2760 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:40:17.0375 2760 Msfs - ok
12:40:17.0375 2760 MSICPL - ok
12:40:17.0390 2760 MSIServer - ok
12:40:17.0468 2760 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:40:17.0578 2760 MSKSSRV - ok
12:40:17.0593 2760 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:40:17.0687 2760 MSPCLOCK - ok
12:40:17.0718 2760 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:40:17.0828 2760 MSPQM - ok
12:40:17.0875 2760 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:40:17.0968 2760 mssmbios - ok
12:40:18.0000 2760 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:40:18.0046 2760 Mup - ok
12:40:18.0062 2760 MxlW2k - ok
12:40:18.0187 2760 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:40:18.0281 2760 napagent - ok
12:40:18.0359 2760 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:40:18.0468 2760 NDIS - ok
12:40:18.0500 2760 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:40:18.0546 2760 NdisTapi - ok
12:40:18.0593 2760 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:40:18.0703 2760 Ndisuio - ok
12:40:18.0750 2760 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:40:18.0875 2760 NdisWan - ok
12:40:18.0953 2760 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:40:19.0000 2760 NDProxy - ok
12:40:19.0093 2760 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:40:19.0218 2760 NetBIOS - ok
12:40:19.0265 2760 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:40:19.0375 2760 NetBT - ok
12:40:19.0406 2760 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:40:19.0515 2760 NetDDE - ok
12:40:19.0531 2760 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:40:19.0625 2760 NetDDEdsdm - ok
12:40:19.0703 2760 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:40:19.0812 2760 Netlogon - ok
12:40:19.0843 2760 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:40:19.0953 2760 Netman - ok
12:40:20.0015 2760 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:40:20.0031 2760 NetTcpPortSharing - ok
12:40:20.0109 2760 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:40:20.0218 2760 NIC1394 - ok
12:40:20.0312 2760 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:40:20.0343 2760 Nla - ok
12:40:20.0406 2760 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:40:20.0515 2760 Npfs - ok
12:40:20.0515 2760 NTACCESS - ok
12:40:20.0546 2760 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:40:20.0687 2760 Ntfs - ok
12:40:20.0734 2760 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:40:20.0828 2760 NtLmSsp - ok
12:40:20.0859 2760 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:40:20.0984 2760 NtmsSvc - ok
12:40:21.0046 2760 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:40:21.0156 2760 Null - ok
12:40:21.0203 2760 NWHOST - ok
12:40:21.0265 2760 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:40:21.0359 2760 NwlnkFlt - ok
12:40:21.0390 2760 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:40:21.0500 2760 NwlnkFwd - ok
12:40:21.0625 2760 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:40:21.0640 2760 odserv - ok
12:40:21.0750 2760 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:40:21.0843 2760 ohci1394 - ok
12:40:21.0890 2760 OracleOraHome92ClientCache (e634abb8346e8c70c7c90c9311993819) C:\WINDOWS\system32\ati.dll
12:40:22.0000 2760 OracleOraHome92ClientCache - ok
12:40:22.0000 2760 oracle_load_balancer_60_server-forms6ip9 - ok
12:40:22.0031 2760 orbmediaservice - ok
12:40:22.0109 2760 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:40:22.0125 2760 ose - ok
12:40:22.0156 2760 pae_avs - ok
12:40:22.0218 2760 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:40:22.0328 2760 Parport - ok
12:40:22.0359 2760 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:40:22.0468 2760 PartMgr - ok
12:40:22.0515 2760 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:40:22.0625 2760 ParVdm - ok
12:40:22.0671 2760 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:40:22.0781 2760 PCI - ok
12:40:22.0796 2760 PCIDump - ok
12:40:22.0812 2760 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:40:22.0906 2760 PCIIde - ok
12:40:23.0000 2760 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:40:23.0109 2760 Pcmcia - ok
12:40:23.0187 2760 PDCOMP - ok
12:40:23.0203 2760 pdengine - ok
12:40:23.0203 2760 PDFRAME - ok
12:40:23.0234 2760 PDRELI - ok
12:40:23.0250 2760 PDRFRAME - ok
12:40:23.0250 2760 penrendezvous - ok
12:40:23.0281 2760 perc2 - ok
12:40:23.0281 2760 perc2hib - ok
12:40:23.0312 2760 pid_0928 - ok
12:40:23.0312 2760 pinnaclemarvinusb - ok
12:40:23.0375 2760 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:40:23.0390 2760 PlugPlay - ok
12:40:23.0437 2760 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
12:40:23.0437 2760 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:40:23.0437 2760 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:40:23.0484 2760 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:40:23.0578 2760 PolicyAgent - ok
12:40:23.0640 2760 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:40:23.0750 2760 PptpMiniport - ok
12:40:23.0765 2760 prohlp02 - ok
12:40:23.0828 2760 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:40:23.0921 2760 ProtectedStorage - ok
12:40:23.0921 2760 protectionservice - ok
12:40:23.0968 2760 prtg4service - ok
12:40:24.0015 2760 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:40:24.0125 2760 PSched - ok
12:40:24.0234 2760 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:40:24.0328 2760 Ptilink - ok
12:40:24.0343 2760 pwkntmon - ok
12:40:24.0375 2760 ql1080 - ok
12:40:24.0375 2760 Ql10wnt - ok
12:40:24.0390 2760 ql12160 - ok
12:40:24.0421 2760 ql1240 - ok
12:40:24.0421 2760 ql1280 - ok
12:40:24.0437 2760 qmofiltr - ok
12:40:24.0500 2760 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:40:24.0593 2760 RasAcd - ok
12:40:24.0625 2760 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:40:24.0734 2760 RasAuto - ok
12:40:24.0765 2760 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:40:24.0875 2760 Rasl2tp - ok
12:40:24.0953 2760 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:40:25.0046 2760 RasMan - ok
12:40:25.0109 2760 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:40:25.0218 2760 RasPppoe - ok
12:40:25.0312 2760 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:40:25.0406 2760 Raspti - ok
12:40:25.0453 2760 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:40:25.0546 2760 Rdbss - ok
12:40:25.0640 2760 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:40:25.0734 2760 RDPCDD - ok
12:40:25.0781 2760 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:40:25.0906 2760 rdpdr - ok
12:40:25.0984 2760 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:40:26.0031 2760 RDPWD - ok
12:40:26.0078 2760 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:40:26.0171 2760 RDSessMgr - ok
12:40:26.0250 2760 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:40:26.0343 2760 redbook - ok
12:40:26.0437 2760 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:40:26.0546 2760 RemoteAccess - ok
12:40:26.0593 2760 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:40:26.0671 2760 RemoteRegistry - ok
12:40:26.0734 2760 rmedia - ok
12:40:26.0781 2760 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:40:26.0875 2760 RpcLocator - ok
12:40:26.0968 2760 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
12:40:27.0000 2760 RpcSs - ok
12:40:27.0031 2760 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:40:27.0140 2760 RSVP - ok
12:40:27.0203 2760 RTL8023xp (6dbd011d47ebd394a5ea7843b8afa7ea) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
12:40:27.0281 2760 RTL8023xp - ok
12:40:27.0328 2760 RTLE8023xp (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:40:27.0390 2760 RTLE8023xp - ok
12:40:27.0437 2760 s3twistr - ok
12:40:27.0500 2760 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:40:27.0593 2760 SamSs - ok
12:40:27.0671 2760 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:40:27.0796 2760 SCardSvr - ok
12:40:27.0843 2760 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:40:27.0968 2760 Schedule - ok
12:40:27.0968 2760 SDdriver - ok
12:40:28.0000 2760 SE2Bobex - ok
12:40:28.0015 2760 se2Dnd5 - ok
12:40:28.0062 2760 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:40:28.0125 2760 Secdrv - ok
12:40:28.0203 2760 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:40:28.0312 2760 seclogon - ok
12:40:28.0343 2760 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:40:28.0453 2760 SENS - ok
12:40:28.0468 2760 ser2plms - ok
12:40:28.0515 2760 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:40:28.0609 2760 serenum - ok
12:40:28.0656 2760 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:40:28.0750 2760 Serial - ok
12:40:28.0765 2760 service1 - ok
12:40:28.0781 2760 SetupNTGLM7X - ok
12:40:28.0843 2760 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:40:28.0953 2760 Sfloppy - ok
12:40:29.0000 2760 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:40:29.0125 2760 SharedAccess - ok
12:40:29.0171 2760 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:40:29.0203 2760 ShellHWDetection - ok
12:40:29.0203 2760 SilverLink - ok
12:40:29.0234 2760 Simbad - ok
12:40:29.0265 2760 sndsrvc - ok
12:40:29.0281 2760 snpstd2 - ok
12:40:29.0296 2760 Sparrow - ok
12:40:29.0312 2760 spcstb - ok
12:40:29.0312 2760 speakerphone - ok
12:40:29.0328 2760 speedfan - ok
12:40:29.0390 2760 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:40:29.0500 2760 splitter - ok
12:40:29.0562 2760 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:40:29.0625 2760 Spooler - ok
12:40:29.0687 2760 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:40:29.0750 2760 sr - ok
12:40:29.0796 2760 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:40:29.0843 2760 srservice - ok
12:40:29.0890 2760 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:40:29.0953 2760 Srv - ok
12:40:29.0968 2760 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:40:30.0046 2760 SSDPSRV - ok
12:40:30.0046 2760 ssscsisv - ok
12:40:30.0062 2760 statusagent4 - ok
12:40:30.0140 2760 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:40:30.0250 2760 stisvc - ok
12:40:30.0296 2760 StkScan - ok
12:40:30.0359 2760 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:40:30.0484 2760 swenum - ok
12:40:30.0531 2760 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:40:30.0625 2760 swmidi - ok
12:40:30.0625 2760 SwPrv - ok
12:40:30.0640 2760 SWUMX51 - ok
12:40:30.0656 2760 symc810 - ok
12:40:30.0656 2760 symc8xx - ok
12:40:30.0671 2760 symdns - ok
12:40:30.0687 2760 symndis - ok
12:40:30.0687 2760 sym_hi - ok
12:40:30.0703 2760 sym_u3 - ok
12:40:30.0765 2760 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:40:30.0890 2760 sysaudio - ok
12:40:30.0921 2760 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:40:31.0031 2760 SysmonLog - ok
12:40:31.0078 2760 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:40:31.0203 2760 TapiSrv - ok
12:40:31.0296 2760 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:40:31.0328 2760 Tcpip - ok
12:40:31.0375 2760 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:40:31.0484 2760 TDPIPE - ok
12:40:31.0515 2760 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:40:31.0609 2760 TDTCP - ok
12:40:31.0640 2760 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:40:31.0750 2760 TermDD - ok
12:40:31.0812 2760 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:40:31.0906 2760 TermService - ok
12:40:32.0015 2760 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:40:32.0015 2760 Themes - ok
12:40:32.0046 2760 thinkpadmodemservice - ok
12:40:32.0062 2760 tifm - ok
12:40:32.0078 2760 tiwlnsvc - ok
12:40:32.0125 2760 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:40:32.0171 2760 TlntSvr - ok
12:40:32.0250 2760 TNaviSrv - ok
12:40:32.0265 2760 toshidpt - ok
12:40:32.0281 2760 TosIde - ok
12:40:32.0359 2760 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:40:32.0468 2760 TrkWks - ok
12:40:32.0515 2760 tvtnetwk - ok
12:40:32.0578 2760 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:40:32.0671 2760 Udfs - ok
12:40:32.0687 2760 Uim_IM - ok
12:40:32.0703 2760 ultra - ok
12:40:32.0765 2760 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:40:32.0890 2760 Update - ok
12:40:32.0906 2760 UpdateCenterService - ok
12:40:32.0921 2760 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:40:32.0984 2760 upnphost - ok
12:40:33.0000 2760 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:40:33.0093 2760 UPS - ok
12:40:33.0156 2760 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:40:33.0187 2760 USBAAPL - ok
12:40:33.0203 2760 usbaudio - ok
12:40:33.0250 2760 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:40:33.0343 2760 usbccgp - ok
12:40:33.0390 2760 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:40:33.0500 2760 usbehci - ok
12:40:33.0531 2760 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:40:33.0625 2760 usbhub - ok
12:40:33.0718 2760 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:40:33.0828 2760 usbprint - ok
12:40:33.0906 2760 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:40:34.0015 2760 usbscan - ok
12:40:34.0062 2760 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:40:34.0156 2760 usbstor - ok
12:40:34.0234 2760 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:40:34.0343 2760 usbuhci - ok
12:40:34.0375 2760 useraccess - ok
12:40:34.0390 2760 USIUDF - ok
12:40:34.0406 2760 VAIOMediaPlatform-PhotoServer-HTTP - ok
12:40:34.0421 2760 vc8secs - ok
12:40:34.0437 2760 vetefile - ok
12:40:34.0500 2760 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:40:34.0609 2760 VgaSave - ok
12:40:34.0671 2760 VIAHdAudAddService (33e4d210b540dfd9ebac58fb3e510c4f) C:\WINDOWS\system32\drivers\viahduaa.sys
12:40:34.0750 2760 VIAHdAudAddService - ok
12:40:34.0765 2760 ViaIde - ok
12:40:34.0765 2760 videoacceleratorengine - ok
12:40:34.0781 2760 vmnetdhcp - ok
12:40:34.0843 2760 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:40:34.0953 2760 VolSnap - ok
12:40:34.0984 2760 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:40:35.0031 2760 VSS - ok
12:40:35.0062 2760 w200mdfl - ok
12:40:35.0093 2760 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:40:35.0187 2760 W32Time - ok
12:40:35.0234 2760 w39n51 - ok
12:40:35.0265 2760 W700mdm - ok
12:40:35.0343 2760 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:40:35.0453 2760 Wanarp - ok
12:40:35.0453 2760 wdelmgr20 - ok
12:40:35.0484 2760 WDICA - ok
12:40:35.0500 2760 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:40:35.0593 2760 wdmaud - ok
12:40:35.0640 2760 WD_FireWire_HID - ok
12:40:35.0687 2760 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:40:35.0796 2760 WebClient - ok
12:40:35.0812 2760 webrootspysweeperservice - ok
12:40:35.0828 2760 wg5n - ok
12:40:35.0890 2760 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:40:35.0984 2760 winmgmt - ok
12:40:36.0046 2760 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
12:40:36.0093 2760 WmdmPmSN - ok
12:40:36.0140 2760 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:40:36.0203 2760 Wmi - ok
12:40:36.0265 2760 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:40:36.0406 2760 WmiApSrv - ok
12:40:36.0468 2760 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:40:36.0500 2760 WpdUsb - ok
12:40:36.0531 2760 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:40:36.0625 2760 WS2IFSL - ok
12:40:36.0671 2760 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:40:36.0765 2760 wscsvc - ok
12:40:36.0781 2760 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:40:36.0890 2760 wuauserv - ok
12:40:36.0953 2760 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:40:37.0000 2760 WudfPf - ok
12:40:37.0046 2760 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:40:37.0062 2760 WudfRd - ok
12:40:37.0093 2760 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:40:37.0125 2760 WudfSvc - ok
12:40:37.0187 2760 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:40:37.0281 2760 WZCSVC - ok
12:40:37.0359 2760 XAudio - ok
12:40:37.0421 2760 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:40:37.0531 2760 xmlprov - ok
12:40:37.0562 2760 yukonwxp - ok
12:40:37.0625 2760 zpsc - ok
12:40:37.0656 2760 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
12:40:37.0687 2760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:40:37.0687 2760 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:40:37.0718 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:40:37.0718 2760 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:40:37.0718 2760 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
12:40:40.0531 2760 \Device\Harddisk1\DR2 - ok
12:40:40.0531 2760 Boot (0x1200) (1cfa737c857ba825bbcacf7285697444) \Device\Harddisk0\DR0\Partition0
12:40:40.0531 2760 \Device\Harddisk0\DR0\Partition0 - ok
12:40:40.0546 2760 Boot (0x1200) (1ec139b3af41e36e5895b4c120b9df44) \Device\Harddisk1\DR2\Partition0
12:40:40.0546 2760 \Device\Harddisk1\DR2\Partition0 - ok
12:40:40.0546 2760 ============================================================
12:40:40.0546 2760 Scan finished
12:40:40.0546 2760 ============================================================
12:40:40.0656 2840 Detected object count: 6
12:40:40.0656 2840 Actual detected object count: 6
13:04:51.0046 2840 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
13:04:52.0187 2840 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
13:04:52.0828 2840 Backup copy found, using it..
13:04:52.0859 2840 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
13:04:54.0562 2840 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
13:04:54.0562 2840 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:54.0562 2840 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:54.0562 2840 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:54.0562 2840 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:54.0562 2840 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:54.0562 2840 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:04:54.0640 2840 \Device\Harddisk0\DR0\# - copied to quarantine
13:04:54.0640 2840 \Device\Harddisk0\DR0 - copied to quarantine
13:04:54.0671 2840 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:04:54.0796 2840 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:04:54.0796 2840 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:04:54.0796 2840 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:04:54.0812 2840 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:04:54.0812 2840 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:04:54.0812 2840 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:04:54.0828 2840 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:04:54.0828 2840 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:04:54.0828 2840 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:04:54.0859 2840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:04:54.0859 2840 \Device\Harddisk0\DR0 - ok
13:04:54.0984 2840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:04:54.0984 2840 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:04:54.0984 2840 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:07:26.0515 3620 Deinitialize success


My Combofix report


ComboFix 12-04-10.02 - User 04/12/2012 5:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2012.1660 [GMT 10:00]
Running from: E:\PCHelpForum.exe.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 18:52 . 2012-04-11 18:52 -------- d-----w- c:\windows\LastGood
2012-04-11 03:04 . 2012-04-11 03:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 05:56 . 2008-04-13 12:04 36463 -c--a-w- c:\windows\system32\dllcache\ati1tuxx.sys
2012-04-10 05:56 . 2008-04-13 12:04 36463 ----a-w- c:\windows\system32\drivers\ati1tuxx.sys
2012-04-10 05:56 . 2008-04-13 12:04 56623 -c--a-w- c:\windows\system32\dllcache\ati1btxx.sys
2012-04-10 05:56 . 2008-04-13 12:04 56623 ----a-w- c:\windows\system32\drivers\ati1btxx.sys
2012-04-05 06:11 . 2012-04-05 06:11 -------- d-----w- c:\documents and settings\User.PC5\Local Settings\Application Data\{2CF1AF18-7EE2-11E1-826D-B8AC6F996F26}
2012-04-05 05:42 . 2012-04-10 07:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\{2CF1AF18-7EE2-11E1-826D-B8AC6F996F26}
2012-04-04 05:54 . 2012-04-04 05:54 -------- d-----w- c:\program files\Veetle
2012-04-04 05:54 . 2012-04-04 05:54 -------- d-----w- c:\program files\Bonjour
2012-04-04 05:54 . 2012-04-04 05:54 -------- d-----w- c:\program files\Ask.com
2012-04-04 05:54 . 2012-04-04 05:54 -------- d-----w- c:\documents and settings\User.PC5\Local Settings\Application Data\AskToolbar
2012-04-02 07:36 . 2012-04-04 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2012-04-02 07:34 . 2012-04-04 00:36 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-04-02 06:14 . 2012-04-02 06:14 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-29 20:07 . 2012-03-29 20:08 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-03-29 20:07 . 2012-03-29 20:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-03-29 19:59 . 2012-03-29 19:59 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-03-29 19:58 . 2012-04-02 00:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 03:07 . 2004-08-03 13:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-10 03:41 . 2006-05-05 09:41 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-04-04 05:56 . 2009-05-25 23:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-10-01 05:00 . 2007-06-06 06:14 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-10_06.19.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-11 18:51 . 2012-04-11 18:51 16384 c:\windows\Temp\Perflib_Perfdata_5fc.dat
+ 2003-03-31 12:00 . 2012-04-11 18:55 85702 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2012-04-10 06:00 85702 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2012-04-11 18:55 476208 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2012-04-10 06:00 476208 c:\windows\system32\perfh009.dat
+ 2007-05-30 02:54 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
+ 2011-08-10 19:45 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2007-07-09 05:13 . 2008-04-13 19:41 136192 c:\windows\system32\dllcache\aaclient.dll
+ 2009-05-29 07:36 . 2012-04-10 07:35 1498192 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-03 14:56 . 2008-04-13 19:41 1852928 c:\windows\system32\dllcache\acgenral.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-07 198160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 144920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-12-13 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [10/20/2010 10:01 AM 61040]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/20/2010 10:06 AM 1145456]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
pae_avs
w39n51
videoacceleratorengine
mnsframework
sndsrvc
fah@c:+fah+fah-service+fah502-console.exe
hclinetd
s3twistr
zpsc
mrpostman
ilicensesvc
usbaudio
dlaboiom
vc8secs
webrootspysweeperservice
speedfan
tiwlnsvc
acedrv07
protectionservice
lxrsii1s
W700mdm
cyberpowerups
rmedia
clientservice
yukonwxp
MREMP50a64
USIUDF
thinkpadmodemservice
MRV6X32P
wg5n
igfx
Hardlock
ser2plms
ino_flpy
dpc_srv_webcast
StkScan
KMW_KBD
SWUMX51
MxlW2k
dnsexit
symdns
irda
SE2Bobex
wdelmgr20
lmouflt2
se2Dnd5
cwcspud
prohlp02
forcewarewebinterface
dlcq_device
niorbk
vserial
cachemgr
cacheserver
oracle_load_balancer_60_server-forms6ip9
orbmediaservice
spcstb
w200mdfl
Uim_IM
TNaviSrv
FTDIBUS
tvtnetwk
amdagp
gemserv
RapiMgr
service1
atiavpci
GT891x
ssscsisv
idebusdr
ASNDIS5
SDdriver
penrendezvous
toshidpt
keriomailserver
pdengine
SilverLink
CTEAPSFX.DLL
tifm
3compxe
pid_0928
XAudio
modemcsa
vmnetdhcp
VAIOMediaPlatform-PhotoServer-HTTP
UpdateCenterService
qmofiltr
useraccess
vetefile
statusagent4
snpstd2
symndis
pwkntmon
epson_pm_rpcv4_01
dbustrcm
NWHOST
prtg4service
OracleOraHome92ClientCache
speakerphone
genmcmn
WD_FireWire_HID
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\At10.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-04 c:\windows\Tasks\At12.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-11 c:\windows\Tasks\At14.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-10 c:\windows\Tasks\At16.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-10 c:\windows\Tasks\At18.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-10 c:\windows\Tasks\At20.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-10 c:\windows\Tasks\At22.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-11 c:\windows\Tasks\At24.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-11 c:\windows\Tasks\At26.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-11 c:\windows\Tasks\At28.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-11 c:\windows\Tasks\At30.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-10 c:\windows\Tasks\At32.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-10 c:\windows\Tasks\At34.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-04 c:\windows\Tasks\At36.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-10 c:\windows\Tasks\At38.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-04 c:\windows\Tasks\At4.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-10 c:\windows\Tasks\At40.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-10 c:\windows\Tasks\At42.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-04 c:\windows\Tasks\At44.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-04 c:\windows\Tasks\At46.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-04 c:\windows\Tasks\At48.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-04 c:\windows\Tasks\At50.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-04 c:\windows\Tasks\At6.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-04 c:\windows\Tasks\At8.job
- c:\windows\Fonts\tQemmcR5.com [2012-04-02 05:31]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1924813122-3985655524-3102033309-1010Core1cd03fec1d53bc.job
- c:\documents and settings\User.PC5\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-16 07:09]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1924813122-3985655524-3102033309-1010UA.job
- c:\documents and settings\User.PC5\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-16 07:09]
.
2012-04-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]
.
2012-04-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com.au/
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-14670557.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 05:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fah@c:+fah+fah-service+fah502-console.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,62,8c,9c,31,df,28,40,af,08,96,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,62,8c,9c,31,df,28,40,af,08,96,\
.
[HKEY_USERS\S-1-5-21-1924813122-3985655524-3102033309-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*‘%ÿ*ª*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1924813122-3985655524-3102033309-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*‘%ÿ*ª*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c8,a3,48,ff,d9,5e,b0,31,f6,3d,52,12,5a,63,b4,39,3f,98,0d,f6,22,
a2,55,39,71,b3,2d,29,17,1e,fc,85,6f,85,82,5d,f2,1e,e5,22,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ce4a1d9f-0e0a-445f-a958-80118526f5f0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000036
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,7c,a3,58,23,ec,af,2d,15,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\
.
Completion time: 2012-04-12 05:19:41
ComboFix-quarantined-files.txt 2012-04-11 19:19
ComboFix2.txt 2012-04-10 06:27
ComboFix3.txt 2008-12-08 22:51
.
Pre-Run: 39,157,669,888 bytes free
Post-Run: 39,162,228,736 bytes free
.
- - End Of File - - 6F89D571A390D7A5C5D1EAFFE574F3F6

And more cleaning to do.

========================================

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.




Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the the text in the quotebox below into it:

File::
c:\windows\Tasks\*.job

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*

==================



I'd like you to scan your machine with ESET OnlineScan

• Scan your system with [URL="http://www.eset.com/onlinescan/"]Online Scanner[/URL]
  
  
• Place a check mark in the box YES, I accept the Terms Of Use.
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  
• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Check
  
• Make sure that the option to "Remove Found Threats" is UN checked.
  
• Push the "Start" button.
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push
  

Thanks Pancake.

I could not find the Combofix.txt on my comp and no internet after ran combofix. My Esetscan report.


C:\CCE_Quarantine\{E94968A7-CF05-4CA5-B607-B9C8599767A2} Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\0\649e4dc0-64542adb probably a variant of Java/TrojanDownloader.Agent.NCT trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\5209f4ba-283d1d12 multiple threats deleted - quarantined
C:\Documents and Settings\User.PC5\Application Data\Mozilla\Firefox\Profiles\lh80uiqi.default\extensions\youtube@youtube2.com.xpi JS/TrojanClicker.Agent.NCX.Gen trojan deleted - quarantined
C:\Documents and Settings\User.PC5\Application Data\Sun\Java\Deployment\cache\6.0\18\2f2d5712-5a41ba91 multiple threats deleted - quarantined
C:\Documents and Settings\User.PC5\Application Data\Sun\Java\Deployment\cache\6.0\59\394c297b-45beb0f9 Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined
C:\Documents and Settings\User.PC5\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000be7 HTML/Iframe.B.Gen virus deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\qserver.dll.vir Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\service1.dll.vir Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP921\A0235377.sys a variant of Win32/Rootkit.Kryptik.KD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP922\A0236381.sys a variant of Win32/Rootkit.Kryptik.KD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP922\A0237381.sys a variant of Win32/Rootkit.Kryptik.KD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP929\A0244592.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP929\A0247593.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP929\A0251611.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP929\A0251691.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP929\A0251733.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP929\A0252733.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP929\A0252747.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP930\A0253748.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP930\A0254747.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP931\A0255747.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP931\A0256747.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP931\A0257747.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP933\A0257814.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP934\A0258199.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP934\A0259199.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP935\A0259584.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP936\A0259643.data a variant of Win32/Rootkit.Kryptik.KD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP936\A0259716.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP936\A0259765.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP936\A0259800.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP936\A0259852.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP937\A0260863.exe a variant of Win32/Kryptik.ADVI trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP937\A0260866.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP937\A0262871.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP937\A0262872.exe a variant of Win32/Kryptik.ADVI trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP938\A0264875.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP938\A0265875.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP938\A0265887.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP938\A0265889.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP938\A0265975.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP938\A0265987.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP938\A0265990.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP938\A0266112.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP938\A0266113.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP939\A0266489.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BC4AD5AE-B46D-44FF-936B-392669CD8D1F}\RP940\A0268817.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.04.2012_12.39.35\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.04.2012_12.39.35\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.04.2012_12.39.35\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.04.2012_12.39.35\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.04.2012_12.39.35\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.04.2012_12.39.35\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.04.2012_12.39.35\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined

Ok.How are things now.?

Thanks Pancake. My internet and computer is working well now. Once again thanks for your help.

Your welcome.