Malware/Rootkit Unknown, logs posted please help



zenapp
2011-08-01, 18:20
Hello guys,
I'm struggling with this. I have one or two rootkit types / malware trojans that I can't get rid of.

- I have tried McAfee; I'm registered through Sky and they give me it with the internet sub
- I have tried Spybot S&D
- I have tried the Malwarebytes programme too

Some symptoms -

1) win32.FraudLoad.edt (S&D found it)
2) win32.Palevo (S&D found it)
3) Windows Security Centre disabled (S&D found it)
4) There is something in Internet Explorer because it often opens up a random page instead of the one I've clicked on. Often when I look in history the computer's been using the internet to visit sites that I haven't been to, mainly casino adverts and banner sites etc.
5) When I try and load Spybot S&D it sometimes tells me "There is no disk, please insert disk into drive!". I eventually manage to get around it but it looks like something's messing with it.
6) McAfee often switches itself off completely
7) McAfee sometimes switches off parts of the programme, not completely, just some parts
8) I've found now to my misery that eBay is being interfered with by Spybot S&D! Maybe just a side effect of using the software but it's annoying because it blocks me selling anything.

OK, here are the log files. This is the one from HijackThis; more are below from other progs like GMER and DDS.

Thanks so much in advance, this is doing my head in.
ZEN

*** HIJACK LOG ***

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:45:48, on 01/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe
C:\Users\Trebonia\AppData\Roaming\Dropbox\bin\Dropbox.exe
T:\Spyware Removal Tools\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110725094451.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 9\MMReminderService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Trebonia\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Spybot-S&D 2 Hooks Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe

--
End of file - 8548 bytes

zenapp
2011-08-01, 18:22
*** HIJACKTHIS STARTUP LIST ***
StartupList report, 01/08/2011, 17:00:42
StartupList version: 1.52.2
Started from : T:\Spyware Removal Tools\HiJackThis\HiJackThis.EXE
Detected: Windows 7 SP1 (WinNT 6.00.3505)
Detected: Internet Explorer v9.00 (9.00.8112.16421)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe
C:\Users\Trebonia\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
T:\Spyware Removal Tools\HiJackThis\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\Trebonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
Dropbox.lnk = Trebonia\AppData\Roaming\Dropbox\bin\Dropbox.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MMReminderService = C:\Program Files\Mindjet\MindManager 9\MMReminderService.exe
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
SDTray = "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
Malwarebytes' Anti-Malware = "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ANT Agent = C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = %SystemRoot%\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\Windows\System32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\System32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll - {27B4851A-3207-45A2-B947-BE8AFE6163AB}
(no name) - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll - {6FE6A929-59D1-4763-91AD-29B61CFFB35B}
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110725094451.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll - {B164E929-A1B6-4A06-B104-2CD0E90A88FF}
URLRedirectionBHO - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL - {B4F3A835-0E21-4959-BA22-42B3008E02FF}
(no name) - C:\Program Files\Java\jre7\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AutoKMS.job
Check for updates (Spybot - Search & Destroy).job
Refresh immunization (Spybot - Search & Destroy).job
Scan the system (Spybot - Search & Destroy).job
wwfcip.job

--------------------------------------------------

Enumerating Download Program Files:

[Java Plug-in 10.0.0]
InProcServer32 = C:\Program Files\Java\jre7\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

[Java Plug-in 1.7.0]
InProcServer32 = C:\Program Files\Java\jre7\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

[Java Plug-in 1.7.0]
InProcServer32 = C:\Program Files\Java\jre7\bin\npjpi170.dll
CODEBASE = http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\Windows\system32\Macromed\Flash\Flash10u.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #5: C:\Windows\System32\mswsock.dll
NameSpace #6: C:\Windows\System32\winrnr.dll
Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll
Protocol #11: C:\Windows\system32\mswsock.dll
Protocol #12: C:\Windows\system32\mswsock.dll
Protocol #13: C:\Windows\system32\mswsock.dll
Protocol #14: C:\Windows\system32\mswsock.dll
Protocol #15: C:\Windows\system32\mswsock.dll
Protocol #16: C:\Windows\system32\mswsock.dll
Protocol #17: C:\Windows\system32\mswsock.dll
Protocol #18: C:\Windows\system32\mswsock.dll
Protocol #19: C:\Windows\system32\mswsock.dll
Protocol #20: C:\Windows\system32\mswsock.dll
Protocol #21: C:\Windows\system32\mswsock.dll
Protocol #22: C:\Windows\system32\mswsock.dll
Protocol #23: C:\Windows\system32\mswsock.dll
Protocol #24: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

1394 OHCI Compliant Host Controller: system32\DRIVERS\1394ohci.sys (manual start)
Microsoft ACPI Driver: system32\drivers\ACPI.sys (system)
ACPI Power Meter Driver: \SystemRoot\system32\drivers\acpipmi.sys (manual start)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (manual start)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (manual start)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (manual start)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\drivers\afd.sys,-1000: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
aic78xx: \SystemRoot\system32\drivers\djsvs.sys (manual start)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (manual start)
AMD AGP Bus Filter Driver: \SystemRoot\system32\drivers\amdagp.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (manual start)
AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (manual start)
AMD Processor Driver: \SystemRoot\system32\drivers\amdppm.sys (manual start)
amdsata: \SystemRoot\system32\drivers\amdsata.sys (manual start)
amdsbs: \SystemRoot\system32\drivers\amdsbs.sys (manual start)
amdxata: system32\drivers\amdxata.sys (system)
@%systemroot%\system32\appidsvc.dll,-102: \SystemRoot\system32\drivers\appid.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@appmgmts.dll,-3250: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\drivers\arc.sys (manual start)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32000: system32\DRIVERS\asyncmac.sys (manual start)
IDE Channel: system32\drivers\atapi.sys (system)
atikmdag: system32\DRIVERS\atikmdag.sys (manual start)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
Broadcom NetXtreme II VBD: \SystemRoot\system32\drivers\bxvbdx.sys (manual start)
Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0: system32\DRIVERS\b57nd60x.sys (manual start)
@%SystemRoot%\system32\bdesvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
blbdrive: system32\DRIVERS\blbdrive.sys (system)
@%systemroot%\system32\browser.dll,-102: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\BrFiltLo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\BrFiltUp.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\System32\Drivers\Brserid.sys (manual start)
Brother WDM Serial driver: \SystemRoot\System32\Drivers\BrSerWdm.sys (manual start)
Brother MFC USB Fax Only Modem: \SystemRoot\System32\Drivers\BrUsbMdm.sys (manual start)
Brother MFC USB Serial WDM Driver: \SystemRoot\System32\Drivers\BrUsbSer.sys (manual start)
Bluetooth Serial Communications Driver: \SystemRoot\system32\drivers\bthmodem.sys (manual start)
@%SystemRoot%\System32\bthserv.dll,-101: %SystemRoot%\system32\svchost.exe -k bthsvcs (manual start)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
McAfee Inc. cfwids: system32\drivers\cfwids.sys (manual start)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (manual start)
@%SystemRoot%\system32\clfs.sys,-100: System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v4.0.30319_X86: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
Microsoft ACPI Control Method Battery Driver: \SystemRoot\system32\drivers\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (manual start)
: System32\Drivers\cng.sys (system)
Compbatt: \SystemRoot\system32\drivers\compbatt.sys (manual start)
Composite Bus Enumerator Driver: system32\DRIVERS\CompositeBus.sys (manual start)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: \SystemRoot\system32\drivers\crcdisk.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\cscsvc.dll,-202: system32\drivers\csc.sys (system)
@%systemroot%\system32\cscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\defragsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k defragsvc (manual start)
@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)
@%SystemRoot%\system32\dhcpcore.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\drivers\discache.sys,-102: System32\drivers\discache.sys (system)
Disk Driver: system32\drivers\disk.sys (system)
dmvsc: \SystemRoot\system32\drivers\dmvsc.sys (manual start)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Trusted Audio Drivers: system32\drivers\drmkaud.sys (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Broadcom NetXtreme II 10 GigE VBD: \SystemRoot\system32\drivers\evbdx.sys (manual start)
@%SystemRoot%\system32\efssvc.dll,-100: %SystemRoot%\System32\lsass.exe (manual start)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (manual start)
Microsoft Hardware Error Device Driver: \SystemRoot\system32\drivers\errdev.sys (manual start)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%systemroot%\system32\fxsresm.dll,-118: %systemroot%\system32\fxssvc.exe (manual start)
Floppy Disk Controller Driver: \SystemRoot\system32\drivers\fdc.sys (manual start)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\fileinfo.sys,-100: system32\drivers\fileinfo.sys (system)
@%SystemRoot%\system32\drivers\filetrace.sys,-10001: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: \SystemRoot\system32\drivers\flpydisk.sys (manual start)
@%SystemRoot%\system32\drivers\fltmgr.sys,-10001: system32\drivers\fltmgr.sys (system)
@%systemroot%\system32\FntCache.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (autostart)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
@%SystemRoot%\system32\drivers\fsdepends.sys,-10001: System32\drivers\FsDepends.sys (manual start)
@%SystemRoot%\system32\drivers\fvevol.sys,-100: System32\DRIVERS\fvevol.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Hauppauge Consumer Infrared Receiver: \SystemRoot\system32\drivers\hcw85cir.sys (manual start)
Microsoft 1.1 UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
HID UPS Battery Driver: \SystemRoot\system32\drivers\HidBatt.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (manual start)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (manual start)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\ListSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\provsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
HpSAMD: \SystemRoot\system32\drivers\HpSAMD.sys (manual start)
HsfXAudioService: %SystemRoot%\system32\svchost.exe -k HsfXAudioService (autostart)
HSF_DPV: system32\DRIVERS\HSX_DPV.sys (manual start)
HSXHWBS2: system32\DRIVERS\HSXHWBS2.sys (manual start)
@%SystemRoot%\system32\drivers\http.sys,-1: system32\drivers\HTTP.sys (manual start)
HWiNFO32/64 Kernel Driver: \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS (system)
@%systemroot%\system32\drivers\hwpolicy.sys,-101: System32\drivers\hwpolicy.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: \SystemRoot\system32\drivers\i8042prt.sys (manual start)
Intel RAID Controller Windows 7: \SystemRoot\system32\drivers\iaStorV.sys (manual start)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (manual start)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Service for Realtek HD Audio (WDM): system32\drivers\RTKVHDA.sys (manual start)
intelide: system32\drivers\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-500: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IPMIDRV: \SystemRoot\system32\drivers\IPMIDrv.sys (manual start)
IP Network Address Translator: System32\drivers\ipnat.sys (manual start)
@%SystemRoot%\system32\drivers\irenum.sys,-100: system32\drivers\irenum.sys (manual start)
isapnp: \SystemRoot\system32\drivers\isapnp.sys (manual start)
iScsiPort Driver: \SystemRoot\system32\drivers\msiscsi.sys (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (manual start)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (manual start)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
: System32\Drivers\ksecdd.sys (system)
: System32\Drivers\ksecpkg.sys (system)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation (manual start)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0: system32\DRIVERS\libusb0.sys (manual start)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (manual start)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (manual start)
LSI_SAS2: \SystemRoot\system32\drivers\lsi_sas2.sys (manual start)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (manual start)
@%systemroot%\system32\drivers\luafv.sys,-100: \SystemRoot\system32\drivers\luafv.sys (autostart)
MBAMProtector: \??\C:\Windows\system32\drivers\mbam.sys (manual start)
MBAMService: "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" (autostart)
McAfee SiteAdvisor Service: "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (autostart)
McAfee Personal Firewall Service: "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (autostart)
McAfee Services: "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (autostart)
McAfee VirusScan Announcer: "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (autostart)
McAfee Network Agent: "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (autostart)
McAfee Scanner: "C:\Program Files\McAfee\VirusScan\mcods.exe" (manual start)
McAfee Proxy Service: "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (autostart)
McShield: "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" (autostart)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
megasas: \SystemRoot\system32\drivers\megasas.sys (manual start)
MegaSR: \SystemRoot\system32\drivers\MegaSR.sys (manual start)
McAfee Inc. mfeapfk: system32\drivers\mfeapfk.sys (manual start)
McAfee Inc. mfeavfk: system32\drivers\mfeavfk.sys (manual start)
McAfee Inc. mfebopk: system32\drivers\mfebopk.sys (manual start)
McAfee Firewall Core Service: "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" (autostart)
McAfee Inc. mfefirek: system32\drivers\mfefirek.sys (manual start)
McAfee Inc. mfehidk: system32\drivers\mfehidk.sys (system)
McAfee NDIS Light Filter: system32\DRIVERS\mfenlfk.sys (system)
McAfee Inc. mferkdet: system32\drivers\mferkdet.sys (manual start)
McAfee Validation Trust Protection Service: "C:\Windows\system32\mfevtps.exe" (autostart)
McAfee Inc. mfewfpk: system32\drivers\mfewfpk.sys (system)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (manual start)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
@%SystemRoot%\system32\drivers\mountmgr.sys,-100: System32\drivers\mountmgr.sys (system)
mpio: \SystemRoot\system32\drivers\mpio.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%systemroot%\system32\webclnt.dll,-104: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1002: system32\DRIVERS\mrxsmb.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1004: system32\DRIVERS\mrxsmb10.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1006: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\drivers\msahci.sys (manual start)
msdsm: \SystemRoot\system32\drivers\msdsm.sys (manual start)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100: \SystemRoot\System32\drivers\mshidkmdf.sys (manual start)
msisadrv: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (manual start)
McAfee Anti-Spam Service: "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (autostart)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (system)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft Input Configuration Driver: \SystemRoot\system32\drivers\MTConfig.sys (manual start)
@%systemroot%\system32\drivers\mup.sys,-101: System32\Drivers\mup.sys (system)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
@%SystemRoot%\system32\drivers\ndis.sys,-200: system32\drivers\ndis.sys (system)
NDIS Capture LightWeight Filter: system32\DRIVERS\ndiscap.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
@%SystemRoot%\system32\drivers\netbt.sys,-2: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\netprofm.dll,-202: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (manual start)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\drivers\nsiproxy.sys,-2: system32\drivers\nsiproxy.sys (system)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (manual start)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (manual start)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
1394 OHCI Compliant Host Controller (Legacy): \SystemRoot\system32\drivers\ohci1394.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Office Software Protection Platform: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
@%SystemRoot%\system32\drivers\partmgr.sys,-100: System32\drivers\partmgr.sys (system)
Parvdm: system32\DRIVERS\parvdm.sys (autostart)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: \SystemRoot\system32\drivers\pciide.sys (manual start)
pcmcia: \SystemRoot\system32\drivers\pcmcia.sys (manual start)
Performance Counters for Windows Driver: System32\drivers\pcw.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%SystemRoot%\system32\peerdistsvc.dll,-9000: %SystemRoot%\System32\svchost.exe -k PeerDist (manual start)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\pnrpauto.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\umpo.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\rascfg.dll,-32006: system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (manual start)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
ql2300: \SystemRoot\system32\drivers\ql2300.sys (manual start)
ql40xx: \SystemRoot\system32\drivers\ql40xx.sys (manual start)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (manual start)
WAN Miniport (IKEv2): system32\DRIVERS\AgileVpn.sys (manual start)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32005: system32\DRIVERS\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (manual start)
@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1000: system32\DRIVERS\rdbss.sys (system)
Remote Desktop Device Redirector Bus Driver: system32\DRIVERS\rdpbus.sys (manual start)
@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\drivers\rdpdr.sys (manual start)
@%systemroot%\system32\drivers\RDPENCDD.sys,-101: system32\drivers\rdpencdd.sys (system)
@%systemroot%\system32\drivers\RdpRefMp.sys,-101: system32\drivers\rdprefmp.sys (system)
Remote Desktop Video Miniport Driver: System32\drivers\rdpvideominiport.sys (manual start)
ReadyBoost: System32\drivers\rdyboost.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
@%windir%\system32\RpcEpMap.dll,-1001: %SystemRoot%\system32\svchost.exe -k RPCSS (autostart)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
Realtek 10/100 NIC Family NDIS x86 Driver: system32\DRIVERS\Rtnicxp.sys (manual start)
s3cap: \SystemRoot\system32\drivers\vms3cap.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
sbp2port: \SystemRoot\system32\drivers\sbp2port.sys (manual start)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\System32\drivers\scfilter.sys,-11: System32\DRIVERS\scfilter.sys (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Spybot-S&D 2 Hook Driver: \??\C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys (system)
Spybot-S&D 2 Hooks Service: C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe (autostart)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
Spybot-S&D 2 Scanner Service: C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (autostart)
Spybot-S&D 2 Updating Service: C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (autostart)
Spybot-S&D 2 Security Center Service: C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (autostart)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\sensrsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (manual start)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (manual start)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (manual start)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS163 usb Wireless LAN Adapter Driver: system32\DRIVERS\sis163u.sys (manual start)
SIS AGP Bus Filter: \SystemRoot\system32\drivers\sisagp.sys (manual start)
SiSRaid2: \SystemRoot\system32\drivers\SiSRaid2.sys (manual start)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (manual start)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
@%SystemRoot%\system32\sppsvc.exe,-101: %SystemRoot%\system32\sppsvc.exe (autostart)
@%SystemRoot%\system32\sppuinotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\srvsvc.dll,-102: System32\DRIVERS\srv.sys (manual start)
@%systemroot%\system32\srvsvc.dll,-104: System32\DRIVERS\srv2.sys (manual start)
: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
stexstor: \SystemRoot\system32\drivers\stexstor.sys (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
@%SystemRoot%\system32\vmstorfltres.dll,-1000: system32\drivers\vmstorfl.sys (system)
storvsc: \SystemRoot\system32\drivers\storvsc.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
: System32\drivers\synth3dvsc.sys (manual start)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Microsoft Remote Desktop Input Driver: \SystemRoot\system32\drivers\terminpt.sys (manual start)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\themeservice.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101: System32\DRIVERS\tssecsrv.sys (manual start)
@%SystemRoot%\system32\drivers\tsusbflt.sys,-1: System32\drivers\tsusbflt.sys (manual start)
Remote Desktop Generic USB Device: \SystemRoot\system32\drivers\TsUsbGD.sys (manual start)
@%SystemRoot%\system32\drivers\tsusbhub.sys,-1: system32\drivers\tsusbhub.sys (manual start)
Microsoft Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
TVersity Media Server: "C:\ProgramData\TVersity\Media Server\MediaServer.exe" (autostart)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)
Microsoft UMPass Driver: \SystemRoot\system32\drivers\umpass.sys (manual start)
@%SystemRoot%\system32\umrdp.dll,-1000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Microsoft USB Generic Parent Driver: \SystemRoot\system32\drivers\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbohci.sys (manual start)
Microsoft USB PRINTER Class: \SystemRoot\system32\drivers\usbprint.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vaultsvc.dll,-1003: %SystemRoot%\system32\lsass.exe (manual start)
Microsoft Virtual Drive Enumerator Driver: system32\drivers\vdrvroot.sys (system)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
: \SystemRoot\System32\drivers\vga.sys (system)
: System32\drivers\rdvgkmd.sys (manual start)
vhdmp: \SystemRoot\system32\drivers\vhdmp.sys (manual start)
VIA AGP Bus Filter: \SystemRoot\system32\drivers\viaagp.sys (manual start)
VIA C7 Processor Driver: \SystemRoot\system32\drivers\viac7.sys (manual start)
viaide: \SystemRoot\system32\drivers\viaide.sys (manual start)
vmbus: \SystemRoot\system32\drivers\vmbus.sys (manual start)
VMBusHID: \SystemRoot\system32\drivers\VMBusHID.sys (manual start)
Volume Manager Driver: system32\drivers\volmgr.sys (system)
@%SystemRoot%\system32\drivers\volmgrx.sys,-100: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (manual start)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
VSTHWBS2: system32\DRIVERS\VSTBS23.SYS (manual start)
VST_DPV: system32\DRIVERS\VSTDPV3.SYS (manual start)
@%SystemRoot%\System32\drivers\vwifibus.sys,-257: \SystemRoot\System32\drivers\vwifibus.sys (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32011: system32\DRIVERS\wanarp.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32012: system32\DRIVERS\wanarp.sys (system)
@%SystemRoot%\system32\Wat\WatUX.exe,-601: %SystemRoot%\system32\Wat\WatAdminSvc.exe (manual start)
@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)
@%systemroot%\system32\wbiosrvc.dll,-100: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup (manual start)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Wd: \SystemRoot\system32\drivers\wd.sys (manual start)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (manual start)
WFP Lightweight Filter: system32\DRIVERS\wfplwf.sys (system)
WIMMount: system32\drivers\wimmount.sys (manual start)
winachsf: system32\DRIVERS\HSX_CNXT.sys (manual start)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (disabled)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Microsoft Windows Management Interface for ACPI: \SystemRoot\system32\drivers\wmiacpi.sys (manual start)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" (autostart)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\System32\drivers\ws2ifsl.sys,-1000: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (disabled)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
@%systemroot%\system32\wuaueng.dll,-105: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
User Mode Driver Frameworks Platform Driver: system32\drivers\WudfPf.sys (manual start)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\System32\wwansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (manual start)
XAudio: system32\DRIVERS\XAudio32.sys (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 55,434 bytes
Report generated in 0.360 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

zenapp
2011-08-01, 18:24
********* dds FILE 1*****
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Trebonia at 17:02:17 on 2011-08-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1024.367 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe
C:\Users\Trebonia\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110725094451.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ANT Agent] c:\program files\garmin\ant agent\ant_agent\ANT Agent.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 9\MMReminderService.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\trebonia\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\trebonia\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1E095882-6C1B-4F26-BBEB-6779D0024595} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{30C4CED7-C025-4E07-BF43-92DCEF3AE692} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: SDWinLogon - SDWinLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-7-25 165032]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-7-30 20216]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-7-25 64584]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-8-1 38504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-1 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-25 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-25 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-25 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-25 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-25 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-25 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-24 148520]
R2 SDHookService;Spybot-S&D 2 Hooks Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-8-1 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-8-1 1060272]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-8-1 909224]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-7-25 56064]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-5-13 35776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-1 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-7-25 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-7-25 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-7-25 314088]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2011-7-24 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2011-8-1 169624]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-25 84488]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-26 1343400]
.
=============== Created Last 30 ================
.
2011-08-01 15:22:50 -------- d-----w- c:\program files\MSXML 4.0
2011-08-01 14:43:18 -------- d-----w- C:\ProcAlyzer Dumps
2011-08-01 12:17:11 -------- d-----w- c:\users\trebonia\appdata\roaming\Malwarebytes
2011-08-01 12:17:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 12:17:02 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 12:16:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 12:16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 11:09:36 -------- d-----w- c:\windows\system32\RTCOM
2011-08-01 11:05:28 -------- d--h--w- c:\program files\Temp
2011-08-01 11:05:26 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-01 11:05:14 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-08-01 11:05:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-08-01 11:05:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-08-01 11:05:14 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-08-01 11:05:14 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-08-01 11:05:14 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-08-01 11:05:08 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-08-01 11:05:07 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-08-01 10:48:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-01 10:47:26 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-08-01 10:47:19 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-08-01 10:43:10 -------- d-----w- c:\program files\Safer Networking
2011-08-01 09:50:06 -------- d-----w- c:\users\trebonia\appdata\local\Apps
2011-08-01 09:26:48 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-01 09:06:25 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-07-31 20:02:32 -------- d-----w- c:\windows\AutoKMS
2011-07-31 19:48:10 183296 ----a-w- c:\windows\Shiwya.exe
2011-07-31 19:47:49 75776 --sha-r- c:\windows\system32\credwizq.dll
2011-07-31 19:31:24 -------- d-----w- c:\users\trebonia\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-31 19:22:57 -------- d-----w- c:\program files\BitTorrent
2011-07-31 19:22:23 -------- d-----w- c:\users\trebonia\appdata\roaming\BitTorrent
2011-07-31 17:36:02 -------- d-----w- c:\users\trebonia\appdata\local\Nero_AG
2011-07-31 17:35:17 -------- d-----w- c:\users\trebonia\appdata\local\Nero
2011-07-31 17:22:31 -------- d-----w- c:\program files\Nero
2011-07-31 17:22:10 -------- d-----w- c:\programdata\Nero
2011-07-31 17:21:15 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-07-31 17:20:53 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-31 17:20:31 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-31 17:20:08 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-07-31 17:19:44 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-07-31 09:46:22 -------- d-----w- c:\users\trebonia\appdata\roaming\Foxit Software
2011-07-30 19:30:10 -------- d-----w- c:\users\trebonia\appdata\roaming\Dropbox
2011-07-30 19:25:29 -------- d-----w- c:\users\trebonia\appdata\local\Google
2011-07-30 19:22:13 -------- d-----w- c:\program files\HWiNFO32
2011-07-30 18:06:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-30 18:06:42 50688 ----a-w- c:\windows\system32\ff_acm.acm
2011-07-30 18:06:40 -------- d-----w- c:\program files\ffdshow
2011-07-30 18:03:26 -------- d-----w- c:\program files\TVersity Codec Pack
2011-07-30 18:02:23 -------- d-----w- c:\programdata\TVersity
2011-07-30 18:00:53 -------- d-----w- c:\program files\VideoLAN
2011-07-30 17:59:08 70984 ----a-r- c:\users\trebonia\appdata\roaming\microsoft\installer\{72d56900-e9ab-4fb5-9f61-b70f89c0f16d}\ARPPRODUCTICON.exe
2011-07-30 17:58:54 -------- d-----w- c:\users\trebonia\appdata\local\Downloaded Installations
2011-07-30 17:55:26 -------- d-----w- c:\users\trebonia\appdata\local\Mindjet
2011-07-30 17:54:41 5632 ----a-w- c:\windows\system32\pxc25pm.dll
2011-07-30 17:54:38 258352 ----a-w- c:\windows\system32\unicows.dll
2011-07-30 17:53:17 -------- d-----w- c:\programdata\Mindjet
2011-07-30 17:52:29 -------- d-----w- c:\program files\Mindjet
2011-07-30 17:51:37 -------- d-----w- c:\program files\CONEXANT
2011-07-30 17:51:04 -------- d-----w- c:\users\trebonia\appdata\local\{B466D993-193A-4641-BD61-AA0DBB63C1F1}
2011-07-30 17:50:26 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-07-30 17:50:26 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-07-30 17:50:26 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-07-30 17:44:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-07-30 17:39:41 -------- d-----w- c:\programdata\Credant
2011-07-30 10:41:37 -------- d-----w- c:\programdata\Ant
2011-07-30 09:58:41 -------- d-----w- c:\users\trebonia\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-07-30 09:49:12 -------- d-----w- c:\users\trebonia\appdata\local\Adobe
2011-07-26 05:52:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-26 05:14:55 -------- d-----w- c:\windows\system32\Wat
2011-07-25 18:58:57 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-07-25 18:54:12 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-25 18:54:11 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-25 18:54:11 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-25 18:54:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-25 18:54:07 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-25 18:53:02 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-25 18:52:44 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-07-25 18:52:44 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-07-25 18:52:35 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-25 18:51:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-25 18:50:55 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-25 18:50:55 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-25 18:43:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-07-25 18:43:22 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-07-25 18:43:21 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-07-25 18:39:39 -------- d-----w- c:\windows\PCHEALTH
2011-07-25 18:37:01 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-07-25 18:36:33 -------- d-----w- c:\users\trebonia\appdata\local\Microsoft Help
2011-07-25 18:34:59 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-07-25 18:34:59 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-07-25 18:34:55 850944 ----a-w- c:\windows\system32\sbe.dll
2011-07-25 18:34:55 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-07-25 18:34:51 2616320 ----a-w- c:\windows\explorer.exe
2011-07-25 18:34:47 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-25 18:34:45 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-07-25 18:34:43 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-07-25 18:34:42 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-25 18:34:23 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-25 18:34:23 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-07-25 18:33:50 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-25 18:33:42 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-25 18:33:42 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-25 18:33:42 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-25 18:33:35 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-07-25 18:26:15 -------- d-----w- c:\windows\system32\appmgmt
2011-07-25 14:38:37 -------- d-----w- c:\users\trebonia\appdata\local\Diagnostics
2011-07-25 08:58:57 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-07-25 08:51:52 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-07-25 08:47:33 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-07-25 08:44:50 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-07-25 08:44:16 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-07-25 08:44:16 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-07-25 08:44:16 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-07-25 08:44:16 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-07-25 08:44:16 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-07-25 08:44:16 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-07-25 08:44:16 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-07-25 08:44:08 -------- d-----w- c:\program files\common files\Mcafee
2011-07-25 08:44:07 -------- d-----w- c:\program files\McAfee.com
2011-07-25 08:44:05 -------- d-----w- c:\program files\McAfee
2011-07-25 06:15:09 -------- d-----w- c:\windows\Panther
2011-07-24 23:03:03 -------- d-----w- c:\program files\Foxit Software
2011-07-24 22:43:23 18944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-07-24 22:43:23 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-07-24 22:33:05 -------- d-----w- c:\users\trebonia\appdata\roaming\GARMIN
2011-07-24 22:28:42 -------- d-----w- c:\program files\Garmin
2011-07-24 22:28:36 -------- d-sh--w- c:\windows\Installer
2011-07-24 22:27:11 -------- d-----w- c:\program files\Audacity
2011-07-24 22:26:28 -------- d-----w- c:\program files\XemiComputers
2011-07-24 21:49:16 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4fc1cad6-8dcf-49fd-9483-b2037c953706}\mpengine.dll
2011-07-24 21:49:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-24 21:39:10 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-07-24 21:29:44 -------- d-----w- C:\Open University
2011-07-24 21:24:01 215040 ----a-w- c:\windows\system32\drivers\sis163u.sys
2011-07-24 21:17:41 0 ----a-w- c:\windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-07-07 18:46:16 2189928 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-07-07 16:39:06 3531176 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-07-06 20:42:46 4187240 ----a-w- c:\windows\system32\RtkAPO.dll
2011-07-06 12:27:00 76392 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-07-01 13:05:42 1264232 ----a-w- c:\windows\system32\RtkApoApi.dll
2011-06-30 15:14:54 1497704 ----a-w- c:\windows\system32\RTSndMgr.cpl
2011-06-27 13:53:36 3327320 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2011-06-27 13:53:30 1725784 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-06-17 18:45:12 41984 ----a-w- c:\windows\system32\AntUsbCIv1.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-31 08:42:06 654952 ----a-w- c:\windows\system32\DTSBassEnhancementDLL.dll
2011-05-31 08:42:06 631400 ----a-w- c:\windows\system32\DTSSymmetryDLL.dll
2011-05-31 08:42:06 601704 ----a-w- c:\windows\system32\DTSVoiceClarityDLL.dll
2011-05-31 08:42:06 458344 ----a-w- c:\windows\system32\DTSNeoPCDLL.dll
2011-05-31 08:42:06 389736 ----a-w- c:\windows\system32\DTSGainCompensatorDLL.dll
2011-05-31 08:42:06 375400 ----a-w- c:\windows\system32\DTSLimiterDLL.dll
2011-05-31 08:42:06 218728 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2011-05-31 08:42:06 218728 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2011-05-31 08:42:06 218216 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2011-05-31 08:42:06 1509480 ----a-w- c:\windows\system32\DTSS2SpeakerDLL.dll
2011-05-31 08:42:06 1292904 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL.dll
2011-05-31 08:42:06 1220200 ----a-w- c:\windows\system32\DTSBoostDLL.dll
2011-05-13 19:35:22 67008 ----a-w- c:\windows\system32\libusb0.dll
2011-05-13 19:35:22 35776 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-05-05 14:24:00 1740352 ----a-w- c:\windows\system32\FMAPO.dll
2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
.
============= FINISH: 17:04:59.41 ===============

***** DDS File 2 **** Thought this would be useful based on what it says at the foot *****

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 24/07/2011 22:22:04
System Uptime: 01/08/2011 16:37:12 (1 hours ago)
.
Motherboard: GIGA-BYTE Technology | | GA-8I915PM
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Socket 775 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 83.486 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
T: is FIXED (NTFS) - 244 GiB total, 237.005 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Active Desktop Calendar 7.95
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Audacity 1.2.6
BitTorrent
Definition update for Microsoft Office 2010 (KB982726)
Dropbox
ffdshow [rev 3154] [2009-12-09]
Foxit Reader 5.0
Fujitsu Siemens Computers WLAN 802.11b/g D1705/D1706
Garmin ANT Agent
Garmin USB Drivers
High-Definition Video Playback 10
HWiNFO32 Version 3.82
IsoBuster 2.8.5
Java Auto Updater
Java(TM) 7
K101 DVD
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Internet Security
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mindjet MindManager 9
Mindjet Power Markers
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Vision 10 Help (CHM)
Nero WaveEditor 10 Help (CHM)
PCI Soft Data Fax Modem with SmartCP
PDF-XChange 3
Picasa 3
Realtek High Definition Audio Driver
RunAlyzer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Spybot - Search & Destroy 2
TVersity Codec Pack 1.4
TVersity Media Server Pro 1.9.3
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VLC media player 0.9.8a
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
31/07/2011 19:54:55, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
31/07/2011 19:54:55, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
01/08/2011 16:37:43, Error: Service Control Manager [7001] - The Spybot-S&D 2 Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
01/08/2011 16:31:32, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
01/08/2011 16:31:32, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
01/08/2011 16:26:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
01/08/2011 10:38:46, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================

zenapp
2011-08-01, 18:26
Lastly, the gmer log file is attached.

tashi
2011-08-01, 18:29
Hello zenapp,

In case you missed it, please see the FAQ, which also includes guidelines for this forum and instructions in post #2 on how to provide the preliminary "DDS" logs used for analysis.
"BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic providing the DDS logs as shown in that sticky with a link back to this topic and a volunteer analyst will advise you when available. :)

Please do not add posts to the new topic, as per FAQ, because helpers look for topics with a zero response. ;)

Best regards.

-------------------------

http://forums.spybot.info/showthread.php?p=410166#post410166