Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

The Open With box for everything I try [Closed]


  • This topic is locked This topic is locked

#31
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ok excellent, logs look good :thumbsup:

I'll now post the final cleanup steps for you to follow, which will guide you through removing the tools we have used and provide you with some tips.

Afterwards, just let me know if you want me to take a look at the other PC you have. If so, I'll get back to you with some new steps.



Good stuff, your logs now appear clean :cool:

Thank you for following the procedures, your system now appears free from Malware. It's now time to remove the programs we have used throughout this cleanup and make sure important programs are updated to their latest versions. This all helps in the fight against being reinfected.

Please make sure you follow the steps below, as they are highly recommended.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove RogueKiller and TDSSKiller from the Desktop (if present)

2)
Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

3)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

4)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

5)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

Having a good Anti Virus program and an on-access Anti Malware program, is great in the battle against malware and various other forms of infections. You should aways make sure your Anti Virus is Enabled and has the latest defintions downloaded (Anti Virus software will nearly always update it's definitions automatically)

Here are some recommendations:

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. This is where a lot of people fall down, as there are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very worthwhile habit to get into.

Windows Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
Here's how to check to see if you are missing any updates. Just click your version of Windows below, to see how to check...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
    (If you don't see the Java icon - In XP, click Switch to Category View. In Vista, click Classic View. In Windows 7, click View By: in the top right and change it to Large Icons)
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Key Tips ==========

- Never be tempted to download software you didn't ask for
If for example you see a "Free Registry Booster" or "Get rid of all your malware problems or blue screens by using this software", don't be tempted to click on them. The software is often useless, could actually be harmful to your PC and they are generally just out to get your money. If you didn't ask for the software, don't download it ;)

- Run regular scans
Set yourself a date, approximately every 2, 3 or 4 weeks, whereby you run a Full Scan with your Anti Virus and a scan with any Anti Malware/Spyware program you may have installed, like Malwarebytes' Anti Malware.


Have fun and stay safe online ;)
BlackOxide

  • 0

Advertisements


#32
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Im updating stuff.

Well Ive noticed some things which I hope are just setting changes.
When my wallpaper first shows up a window says to reinstall MLF pro.
My start menu is empty.
I just downloaded Spotify and they don't have any real Beatles (that's weird right?) so I ripped my CDs on Windows media player. Then Spotify couldn't see the songs anywhere so I tried opening my music in my documents. My access was denied. I cant even move the music from WMP to my desktop. Am I being silly or should that be possible?
  • 0

#33
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
There is computer but no my computer. The MFL pro is "MFL-Pro Suite CC3-001-00001907"
  • 0

#34
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

My start menu is empty.

Could you get me a screenshot so I can see what parts of the Start Menu are missing please.

Take a screenshot of the problem

To do this....
  • Press the Print Scrn key on the keyboard (usually located between the F12 and the Scroll Lock key)
  • After you have done this, Click Start, All Programs, Accessories, then click Paint
  • Once in Paint, click Edit at the top then Paste
  • Click File, then Save As and in the Save as type box, click JPEG and save it to the Desktop
Then attach the saved image to your next post...
  • Click Add Reply as you would do normally
  • Then within the 'Attachments' area, click Browse and select the file that you want to attach
  • Click the Attach This File button
  • Now click Add to Post on the right hand side, to insert the attachment into your post.


When my wallpaper first shows up a window says to reinstall MLF pro.

Sounds like you will indeed just need to reinstall the Brother MLF Pro Suite Software. If you go here, you should be able to enter your printers model and obtain the software from there. Let me know your Printers model if you have any difficulties.


I just downloaded Spotify and they don't have any real Beatles (that's weird right?) so I ripped my CDs on Windows media player.

Looks like it's a copyright issue. Spotifies explanation:

Unfortunately there are some artists who have opted not to be a part of Spotify at this point in time. Some frequently requested artists that are not in Spotify include Metallica, The Beatles, Pink Floyd, AC/DC and Led Zeppelin. We hope that they change their minds regarding streaming soon!




so I tried opening my music in my documents. My access was denied. I cant even move the music from WMP to my desktop. Am I being silly or should that be possible?

In Windows 7, you would need to navigate to C:\Users\Your Username\Music. It's different to XP, as this would be C:\Documents and Settings\Your Username\My Music. If you try the XP way in 7, you will get an Access is Denied message.

With the ripping of music CD's, I've found a good tutorial here for ripping songs from WMP to either your Desktop or Music folder etc. Just check your doing the same as this.
  • 0

#35
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
this.jpg
  • 0

#36
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Okey dokey we should be able to get this back to normal by doing the following. Try it and let me know if it appears normal afterwards.

  • Right click the Start Menu button (the 'orb') and then click Properties
  • Make sure you are on the Start Menu tab at the top
  • Place a tick in the two checkboxes under Privacy
  • Now click the Customize button at the top right of this window
  • Click Use Default Settings
  • Click OK then OK on the other window
  • Your Start Menu should now appear normal
You will notice the blank space on the left hand side. Once you have opened some of your commonly used programs, this will start to fill up again.
If there is a certain program or web browser you would always like to appear on the left hand side of the start menu, just right click it's icon and choose Pin to Start Menu
  • 0

#37
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
I still cant do step 5 of the cleanup. But my start menu is looking fixed.
Is it okay if we start on the ever so slow laptop?

If I donate money does it go directly to you?
  • 0

#38
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

With the Step 5 instructions, on the "Select the Tools menu and click Folder Options" step, If the Tools menu at the top is not visible, a quick way to get it to show is hold down the Alt key on the keyboard and press 'T' whilst still holding it. This will bring up the Tools menu. Just follow the steps as before from there onwards.

Yep, if you did wish to donate, the button in my signature would donate it to myself.


Sure, we can start on the laptop now. Could you give me a description of the problems you're having with it and also run the following scans for me please...


1)
OTL Quick Scan
Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

If it asks to download the Avast defintions, just click No.

Click the "Scan" button to start the scan.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image




In your next reply
Please post the contents of...
Description of problems with Laptop
OTL log
aswMBR log

  • 0

#39
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Im using XP on my dell.
The problems? Well, there are a lot. I know you can't fix this but my batter holds no charge. How long should a laptop battery last?


On the other hand, the computer has general extreme slowness. A couple times an hour firefox stops responding and then starts working by itself again. Other days, firefox stops responding and the computer is frozen. My sound doesn't work. As in, no sound comes out and volume control says I don't have active mixer devices.
When I open task manager, there are about 5 svchost things. One of them uses around 40,000k memory and I hope is normal. I dont know if this is actually a problem but I assume with a fan running in a dusty place for 5 years the inside of my laptop is dusty and therefore overheats and/or overheats faster in the summer. There are many other programs in task manager I dont recognize(doesnt mean much). A fake windows security has shown up twice asking me to scan and buy. Malwarebytes cant open. I don't remember well if i tried OTL yet, but I think it couldn't open. I will try again now.
  • 0

#40
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
another problem I forgot to mention is that safemode does not work.
Here is my OTL log
OTL logfile created on: 12/23/2011 11:09:07 PM - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\James\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.98 Mb Total Physical Memory | 198.38 Mb Available Physical Memory | 22.19% Memory free
2.12 Gb Paging File | 1.53 Gb Available in Paging File | 72.31% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.72 Gb Total Space | 29.65 Gb Free Space | 42.53% Space Free | Partition Type: NTFS

Computer Name: D722T7C1 | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 16:19:08 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2011/09/03 12:44:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe
PRC - [2011/09/03 12:44:19 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\plugin-container.exe
PRC - [2011/08/31 20:36:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\My Documents\Downloads\OTL.com
PRC - [2009/12/14 05:40:18 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/01/14 14:31:18 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/01/14 14:31:18 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/01/14 14:31:16 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/01/14 14:31:16 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/01/14 14:31:16 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/01/14 14:31:16 | 000,181,688 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/23 17:13:28 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/13 15:02:04 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\3y05hgls.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko6.dll
MOD - [2011/09/03 12:44:23 | 001,846,232 | ---- | M] () -- C:\Program Files\Firefox\mozjs.dll
MOD - [2011/04/25 18:02:01 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/23 16:19:08 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/01/14 14:31:18 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (EraserSvc11121)
SRV - [2009/01/14 14:31:18 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/01/14 14:31:18 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/01/14 14:31:16 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/01/14 14:31:16 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/01/14 14:31:16 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/13 18:21:40 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/04/10 21:17:10 | 000,407,136 | ---- | M] (Juniper Networks) [Disabled | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2006/08/23 17:13:28 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2011/11/23 18:47:28 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/11/15 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/18 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111223.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111223.019\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/03 16:14:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/02 10:03:11 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/01/14 14:31:20 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/01/14 14:31:20 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/01/14 14:31:20 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/01/14 14:31:12 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/01/14 14:31:12 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/01/14 14:31:12 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/04/10 18:05:34 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2007/03/16 17:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/01 09:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/01/17 15:21:02 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/12/11 22:19:50 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/10/11 21:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/22 12:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/17 14:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/15 00:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 7C EA 7E 41 E3 CA 01 [binary data]
IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63677
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/28 23:33:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Firefox\components [2011/09/03 12:44:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011/05/31 23:44:01 | 000,000,000 | ---D | M]

[2010/03/29 17:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2011/12/23 22:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\3y05hgls.default\extensions
[2010/08/04 15:00:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\3y05hgls.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/23 22:28:31 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\3y05hgls.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/10/12 23:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/30 23:30:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/09/16 11:48:23 | 000,000,703 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2007/09/16 11:48:23 | 000,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src

O1 HOSTS File: ([2009/11/04 14:17:17 | 000,348,155 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11963 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-904346458-1129930403-2403710600-1006 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 01:23:41 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\James\Local Settings\Application Data\bwe.exe
[4 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\James\Desktop\*.tmp files -> C:\Documents and Settings\James\Desktop\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/23 22:28:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/23 22:26:44 | 000,016,896 | ---- | M] () -- C:\WINDOWS\System32\Rpcnetp.exe
[2011/12/23 22:26:39 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/12/23 22:25:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/20 01:28:19 | 000,008,376 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b2ml23h4pd6pnu
[2011/12/20 01:28:18 | 000,008,376 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\b2ml23h4pd6pnu
[4 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\James\Desktop\*.tmp files -> C:\Documents and Settings\James\Desktop\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/20 01:23:44 | 000,008,376 | -HS- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\b2ml23h4pd6pnu
[2011/12/20 01:23:44 | 000,008,376 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b2ml23h4pd6pnu
[2011/11/23 18:47:02 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/07/04 01:31:22 | 000,007,536 | ---- | C] () -- C:\Documents and Settings\James\Application Data\F326.50D
[2011/06/29 00:44:07 | 000,002,464 | --S- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\ick23nnt6d8
[2011/06/29 00:44:07 | 000,002,464 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\ick23nnt6d8
[2011/06/18 00:01:55 | 000,001,088 | --S- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\5r6m85g14443mbvw2
[2011/06/18 00:01:55 | 000,001,088 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\5r6m85g14443mbvw2
[2011/05/22 16:49:45 | 000,001,374 | --S- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\m6i68wflxqtcs5jm40m420ni1s530wiy23684076huan5k0
[2011/05/22 16:49:45 | 000,001,374 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\m6i68wflxqtcs5jm40m420ni1s530wiy23684076huan5k0
[2010/03/07 17:53:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/11/04 15:38:48 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/10/30 11:43:08 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\Rpcnetp.exe
[2009/10/18 15:14:03 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2008/08/05 20:56:24 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/06/30 14:43:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/06/30 14:43:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/06/30 14:43:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/01/25 23:15:39 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/09/16 12:52:24 | 000,201,216 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/24 16:44:46 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini
[2007/03/08 23:23:41 | 000,000,371 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/23 10:36:54 | 000,001,311 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/24 22:27:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/21 13:05:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/18 19:51:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2006/12/11 22:37:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/11 22:27:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/11 22:22:01 | 000,004,437 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/11 22:16:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/11 21:44:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/11 21:44:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/12/11 21:44:36 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/11 21:44:20 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/12/11 21:44:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/12/11 21:44:10 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/28 04:30:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TrustSupport.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/01/02 17:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/17 18:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/11 17:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/03/15 19:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/12/14 01:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/02 21:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/03/22 13:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/17 18:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\acccore
[2010/05/09 08:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\ApexDC++
[2010/03/27 17:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Audacity
[2010/07/07 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\CiscoCAA
[2011/02/26 16:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\gtk-2.0
[2009/10/30 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\IObit
[2008/10/23 18:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\iWin
[2008/10/09 00:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Leadertech
[2010/05/19 20:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\OpenCandy
[2010/03/25 15:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Opera
[2010/04/11 22:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Rainmeter
[2010/05/20 16:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Uniblue
[2008/01/23 13:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2007/12/25 18:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks

========== Purity Check ==========



< End of report >



Here is my extras
OTL Extras logfile created on: 12/23/2011 11:09:07 PM - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\James\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.98 Mb Total Physical Memory | 198.38 Mb Available Physical Memory | 22.19% Memory free
2.12 Gb Paging File | 1.53 Gb Available in Paging File | 72.31% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.72 Gb Total Space | 29.65 Gb Free Space | 42.53% Space Free | Partition Type: NTFS

Computer Name: D722T7C1 | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ApexDC++\ApexDC.exe" = C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing -- (ApexDC++ Development Team)
"C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:chrome -- (Google Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\ApexDC\ApexDC.exe" = C:\Program Files\ApexDC\ApexDC.exe:*:Enabled:ApexDC++ -- (ApexDC++ Development Team)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2007
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D7447B32-518C-442F-A8E4-DCF12D8A6D75}" = Station LaunchPad
"{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"ApexDC++" = ApexDC++ 1.2.1
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Catan Online Welt" = Catan Online World
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Diablo II" = Diablo II
"ESPNMotion" = ESPNMotion
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
"Juniper Network Connect 5.5.0" = Juniper Networks Network Connect 5.5.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2011 12:17:09 AM | Computer Name = D722T7C1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: C:\WINDOWS\system32\drivers\ipsec.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 12/24/2011 12:17:27 AM | Computer Name = D722T7C1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: C:\WINDOWS\system32\drivers\ipsec.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 12/24/2011 12:17:43 AM | Computer Name = D722T7C1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: C:\WINDOWS\system32\drivers\ipsec.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 12/24/2011 12:17:59 AM | Computer Name = D722T7C1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: C:\WINDOWS\system32\drivers\ipsec.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 12/24/2011 12:18:18 AM | Computer Name = D722T7C1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: C:\WINDOWS\system32\drivers\ipsec.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 12/24/2011 12:18:33 AM | Computer Name = D722T7C1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: C:\WINDOWS\system32\drivers\ipsec.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 12/24/2011 12:18:49 AM | Computer Name = D722T7C1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: C:\WINDOWS\system32\drivers\ipsec.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 12/24/2011 12:19:07 AM | Computer Name = D722T7C1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: C:\WINDOWS\system32\drivers\ipsec.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 12/24/2011 12:19:23 AM | Computer Name = D722T7C1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: C:\WINDOWS\system32\drivers\ipsec.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 12/24/2011 12:19:42 AM | Computer Name = D722T7C1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: C:\WINDOWS\system32\drivers\ipsec.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

[ System Events ]
Error - 12/23/2011 11:26:33 PM | Computer Name = D722T7C1 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 12/23/2011 11:26:50 PM | Computer Name = D722T7C1 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/23/2011 11:27:33 PM | Computer Name = D722T7C1 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 12/23/2011 11:27:33 PM | Computer Name = D722T7C1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/23/2011 11:27:33 PM | Computer Name = D722T7C1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/23/2011 11:27:33 PM | Computer Name = D722T7C1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/23/2011 11:28:00 PM | Computer Name = D722T7C1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/23/2011 11:31:33 PM | Computer Name = D722T7C1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/23/2011 11:36:44 PM | Computer Name = D722T7C1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/23/2011 11:38:17 PM | Computer Name = D722T7C1 | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
1 time(s).


< End of report >
  • 0

Advertisements


#41
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
I may be giving the virus more credit than it deserves but during the OTL scan my semantic endpoint protection started working. Its scanning found 120 trojans. Most of which seemed to be located in system 32/drivers. Then firefox lost network and I had to restart to post.
  • 0

#42
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Almost forgot
aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-23 23:43:25
-----------------------------
23:43:25.312 OS Version: Windows 5.1.2600 Service Pack 3
23:43:25.312 Number of processors: 1 586 0x4C02
23:43:25.312 ComputerName: D722T7C1 UserName: James
23:43:25.781 Initialize success
23:43:51.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:43:51.937 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC74P Size: 76319MB BusType: 3
23:43:53.953 Disk 0 MBR read successfully
23:43:53.953 Disk 0 MBR scan
23:43:53.953 Disk 0 unknown MBR code
23:43:53.953 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
23:43:53.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71390 MB offset 144585
23:43:54.015 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4855 MB offset 146352150
23:43:54.015 Disk 0 scanning sectors +156296385
23:43:54.078 Disk 0 scanning C:\WINDOWS\system32\drivers
23:44:04.312 Service scanning
23:44:07.703 Modules scanning
23:44:17.203 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
23:44:19.062 Disk 0 trace - called modules:
23:44:19.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
23:44:19.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85568ab8]
23:44:19.578 3 CLASSPNP.SYS[f75c4fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85594d98]
23:44:19.578 Scan finished successfully
23:45:19.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James\Desktop\MBR.dat"
23:45:19.890 The log file has been saved successfully to "C:\Documents and Settings\James\Desktop\aswMBR log 1.txt"
  • 0

#43
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the info and the logs. I think we could be looking at a couple of different types if infections on this one. Lets start by removing items which were found in the OTL log, then we'll run a scan with TDSSKiller to see if it identifies any of the drivers as being modified or infected :)



1)
OTL Fix

OTL has recently been updated, so please Delete your current copy of OTL
Download the new OTL file to your Desktop

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011/12/13 15:02:04 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\3y05hgls.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko6.dll
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 63677
    [2011/12/23 22:28:31 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\3y05hgls.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2011/12/20 01:23:41 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\James\Local Settings\Application Data\bwe.exe
    [2011/12/20 01:28:19 | 000,008,376 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b2ml23h4pd6pnu
    [2011/12/20 01:28:18 | 000,008,376 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\b2ml23h4pd6pnu
    [2011/12/20 01:23:44 | 000,008,376 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b2ml23h4pd6pnu
    [2011/07/04 01:31:22 | 000,007,536 | ---- | C] () -- C:\Documents and Settings\James\Application Data\F326.50D
    [2011/06/29 00:44:07 | 000,002,464 | --S- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\ick23nnt6d8
    [2011/06/29 00:44:07 | 000,002,464 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\ick23nnt6d8
    [2011/06/18 00:01:55 | 000,001,088 | --S- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\5r6m85g14443mbvw2
    [2011/06/18 00:01:55 | 000,001,088 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\5r6m85g14443mbvw2
    [2011/05/22 16:49:45 | 000,001,374 | --S- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\m6i68wflxqtcs5jm40m420ni1s530wiy23684076huan5k0
    [2011/05/22 16:49:45 | 000,001,374 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\m6i68wflxqtcs5jm40m420ni1s530wiy23684076huan5k0
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.




In your next reply
Please post the contents of...
OTL log
TDSSKiller log

  • 0

#44
panicpeace

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
OTL logfile created on: 12/25/2011 12:49:31 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\James\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.98 Mb Total Physical Memory | 387.86 Mb Available Physical Memory | 43.39% Memory free
2.12 Gb Paging File | 1.78 Gb Available in Paging File | 84.13% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.72 Gb Total Space | 30.76 Gb Free Space | 44.13% Space Free | Partition Type: NTFS

Computer Name: D722T7C1 | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/25 00:40:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
PRC - [2011/12/24 01:38:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe
PRC - [2011/11/23 16:19:08 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/01/14 14:31:18 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/01/14 14:31:18 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/01/14 14:31:16 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/01/14 14:31:16 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/01/14 14:31:16 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/23 17:13:28 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/24 01:38:21 | 001,989,592 | ---- | M] () -- C:\Program Files\Firefox\mozjs.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/23 16:19:08 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/01/14 14:31:18 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/01/14 14:31:18 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/01/14 14:31:16 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/01/14 14:31:16 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/01/14 14:31:16 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/13 18:21:40 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/04/10 21:17:10 | 000,407,136 | ---- | M] (Juniper Networks) [Disabled | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2006/08/23 17:13:28 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/11/23 18:47:28 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/11/15 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/18 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111223.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111223.019\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/03 16:14:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/02 10:03:11 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/01/14 14:31:20 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/01/14 14:31:20 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/01/14 14:31:20 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/01/14 14:31:12 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/01/14 14:31:12 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/01/14 14:31:12 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/04/10 18:05:34 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2007/03/16 17:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/01 09:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/01/17 15:21:02 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/12/11 22:19:50 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/10/11 21:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/22 12:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/17 14:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/15 00:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 7C EA 7E 41 E3 CA 01 [binary data]
IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/28 23:33:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Firefox\components [2011/12/24 01:38:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011/05/31 23:44:01 | 000,000,000 | ---D | M]

[2010/03/29 17:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2011/12/23 22:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\3y05hgls.default\extensions
[2010/08/04 15:00:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\3y05hgls.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/12 23:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/30 23:30:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/09/16 11:48:23 | 000,000,703 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2007/09/16 11:48:23 | 000,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: No name found = C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3\
CHR - Extension: No name found = C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lefeecbpfmnmdoajflbekahgnbcjihcc\2\

O1 HOSTS File: ([2011/12/25 00:41:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-904346458-1129930403-2403710600-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{190B60DF-4EAE-4B91-828A-63FC8537C931}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{968FD515-23F4-4AEC-97F8-D74C64FA19C4}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-904346458-1129930403-2403710600-1006 Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/25 00:50:05 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\James\Desktop\tdsskiller.exe
[2011/12/25 00:41:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/25 00:40:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/12/23 23:42:05 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\James\Desktop\aswMBR.exe
[4 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\James\Desktop\*.tmp files -> C:\Documents and Settings\James\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/25 00:50:13 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\James\Desktop\tdsskiller.exe
[2011/12/25 00:46:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/25 00:46:00 | 000,016,896 | ---- | M] () -- C:\WINDOWS\System32\Rpcnetp.exe
[2011/12/25 00:45:54 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/12/25 00:45:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/25 00:41:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/25 00:40:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/12/23 23:45:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\James\Desktop\MBR.dat
[2011/12/23 23:42:23 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\James\Desktop\aswMBR.exe
[4 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\James\Desktop\*.tmp files -> C:\Documents and Settings\James\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/23 23:45:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\James\Desktop\MBR.dat
[2011/11/23 18:47:02 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2010/03/07 17:53:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/11/04 15:38:48 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/10/30 11:43:08 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\Rpcnetp.exe
[2009/10/18 15:14:03 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2008/08/05 20:56:24 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/06/30 14:43:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/06/30 14:43:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/06/30 14:43:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/01/25 23:15:39 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/09/16 12:52:24 | 000,201,216 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/24 16:44:46 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini
[2007/03/08 23:23:41 | 000,000,371 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/23 10:36:54 | 000,001,311 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/24 22:27:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/21 13:05:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/18 19:51:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2006/12/11 22:37:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/11 22:27:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/11 22:22:01 | 000,004,437 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/11 22:16:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/11 21:44:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/11 21:44:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/12/11 21:44:36 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/11 21:44:20 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/12/11 21:44:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/12/11 21:44:10 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/28 04:30:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TrustSupport.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/01/02 17:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/17 18:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/11 17:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/03/15 19:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/12/14 01:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/02 21:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/03/22 13:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/17 18:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\acccore
[2010/05/09 08:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\ApexDC++
[2010/03/27 17:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Audacity
[2010/07/07 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\CiscoCAA
[2011/02/26 16:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\gtk-2.0
[2009/10/30 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\IObit
[2008/10/23 18:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\iWin
[2008/10/09 00:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Leadertech
[2010/05/19 20:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\OpenCandy
[2010/03/25 15:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Opera
[2010/04/11 22:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Rainmeter
[2010/05/20 16:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Uniblue
[2008/01/23 13:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2007/12/25 18:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks

========== Purity Check ==========



< End of report >


00:50:31.0703 1368 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
00:50:32.0000 1368 ============================================================
00:50:32.0000 1368 Current date / time: 2011/12/25 00:50:32.0000
00:50:32.0000 1368 SystemInfo:
00:50:32.0000 1368
00:50:32.0000 1368 OS Version: 5.1.2600 ServicePack: 3.0
00:50:32.0000 1368 Product type: Workstation
00:50:32.0000 1368 ComputerName: D722T7C1
00:50:32.0000 1368 UserName: James
00:50:32.0000 1368 Windows directory: C:\WINDOWS
00:50:32.0000 1368 System windows directory: C:\WINDOWS
00:50:32.0000 1368 Processor architecture: Intel x86
00:50:32.0000 1368 Number of processors: 1
00:50:32.0000 1368 Page size: 0x1000
00:50:32.0000 1368 Boot type: Normal boot
00:50:32.0000 1368 ============================================================
00:50:34.0890 1368 Initialize success
00:51:29.0093 3384 ============================================================
00:51:29.0093 3384 Scan started
00:51:29.0093 3384 Mode: Manual; SigCheck; TDLFS;
00:51:29.0093 3384 ============================================================
00:51:31.0812 3384 Abiosdsk - ok
00:51:31.0937 3384 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:51:38.0125 3384 abp480n5 - ok
00:51:38.0453 3384 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:51:39.0250 3384 ACPI - ok
00:51:39.0609 3384 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
00:51:39.0828 3384 ACPIEC - ok
00:51:40.0140 3384 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:51:40.0359 3384 adpu160m - ok
00:51:40.0703 3384 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:51:40.0859 3384 aec - ok
00:51:41.0218 3384 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:51:41.0296 3384 AFD - ok
00:51:41.0578 3384 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
00:51:41.0781 3384 agp440 - ok
00:51:41.0921 3384 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:51:42.0078 3384 agpCPQ - ok
00:51:42.0312 3384 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:51:42.0453 3384 Aha154x - ok
00:51:42.0703 3384 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:51:42.0875 3384 aic78u2 - ok
00:51:43.0125 3384 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:51:43.0281 3384 aic78xx - ok
00:51:43.0578 3384 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
00:51:43.0812 3384 AliIde - ok
00:51:44.0156 3384 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:51:44.0296 3384 alim1541 - ok
00:51:44.0671 3384 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:51:44.0828 3384 amdagp - ok
00:51:44.0937 3384 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
00:51:45.0046 3384 AmdK8 - ok
00:51:45.0390 3384 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
00:51:45.0484 3384 amsint - ok
00:51:45.0875 3384 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
00:51:45.0921 3384 APPDRV ( UnsignedFile.Multi.Generic ) - warning
00:51:45.0921 3384 APPDRV - detected UnsignedFile.Multi.Generic (1)
00:51:46.0203 3384 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
00:51:46.0390 3384 asc - ok
00:51:46.0703 3384 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:51:46.0812 3384 asc3350p - ok
00:51:46.0968 3384 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:51:47.0171 3384 asc3550 - ok
00:51:47.0546 3384 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:51:47.0687 3384 AsyncMac - ok
00:51:47.0765 3384 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:51:48.0656 3384 atapi - ok
00:51:48.0750 3384 Atdisk - ok
00:51:48.0921 3384 ati2mtag (e78b73eb84c257d0d940e041742d2699) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:51:49.0609 3384 ati2mtag - ok
00:51:49.0765 3384 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:51:50.0406 3384 Atmarpc - ok
00:51:50.0484 3384 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:51:51.0078 3384 audstub - ok
00:51:51.0359 3384 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:51:51.0687 3384 BCM43XX - ok
00:51:51.0937 3384 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
00:51:52.0468 3384 bcm4sbxp - ok
00:51:52.0578 3384 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:51:53.0109 3384 Beep - ok
00:51:53.0421 3384 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:51:53.0609 3384 cbidf - ok
00:51:53.0890 3384 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:51:54.0046 3384 cbidf2k - ok
00:51:54.0234 3384 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:51:54.0328 3384 cd20xrnt - ok
00:51:54.0781 3384 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:51:54.0968 3384 Cdaudio - ok
00:51:55.0078 3384 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:51:55.0250 3384 Cdfs - ok
00:51:55.0562 3384 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:51:56.0406 3384 Cdrom - ok
00:51:56.0953 3384 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:51:57.0140 3384 CmBatt - ok
00:51:58.0140 3384 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
00:51:58.0562 3384 CmdIde - ok
00:51:58.0828 3384 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:51:59.0015 3384 Compbatt - ok
00:51:59.0203 3384 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
00:51:59.0359 3384 Cpqarray - ok
00:51:59.0984 3384 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
00:52:00.0250 3384 dac2w2k - ok
00:52:00.0687 3384 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
00:52:00.0921 3384 dac960nt - ok
00:52:01.0515 3384 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:52:01.0671 3384 Disk - ok
00:52:02.0046 3384 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
00:52:02.0125 3384 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
00:52:02.0125 3384 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
00:52:02.0609 3384 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
00:52:02.0656 3384 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
00:52:02.0656 3384 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
00:52:02.0937 3384 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
00:52:03.0000 3384 DLADResN ( UnsignedFile.Multi.Generic ) - warning
00:52:03.0000 3384 DLADResN - detected UnsignedFile.Multi.Generic (1)
00:52:03.0171 3384 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
00:52:03.0218 3384 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
00:52:03.0218 3384 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
00:52:03.0328 3384 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
00:52:03.0375 3384 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
00:52:03.0375 3384 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
00:52:03.0453 3384 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
00:52:03.0500 3384 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
00:52:03.0500 3384 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
00:52:03.0828 3384 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
00:52:03.0890 3384 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
00:52:03.0890 3384 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
00:52:03.0984 3384 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
00:52:04.0031 3384 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
00:52:04.0031 3384 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
00:52:04.0250 3384 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
00:52:04.0296 3384 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
00:52:04.0296 3384 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
00:52:04.0500 3384 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:52:04.0828 3384 dmboot - ok
00:52:05.0140 3384 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:52:05.0281 3384 dmio - ok
00:52:05.0703 3384 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:52:05.0875 3384 dmload - ok
00:52:05.0968 3384 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:52:06.0140 3384 DMusic - ok
00:52:06.0531 3384 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:52:06.0718 3384 dpti2o - ok
00:52:06.0984 3384 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:52:07.0140 3384 drmkaud - ok
00:52:07.0234 3384 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
00:52:07.0296 3384 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
00:52:07.0296 3384 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
00:52:07.0531 3384 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
00:52:07.0578 3384 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
00:52:07.0578 3384 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
00:52:08.0000 3384 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
00:52:08.0109 3384 dsNcAdpt - ok
00:52:08.0343 3384 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
00:52:08.0390 3384 DSproct ( UnsignedFile.Multi.Generic ) - warning
00:52:08.0390 3384 DSproct - detected UnsignedFile.Multi.Generic (1)
00:52:08.0921 3384 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:52:09.0109 3384 E100B - ok
00:52:09.0687 3384 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:52:09.0828 3384 eeCtrl - ok
00:52:10.0359 3384 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:52:10.0375 3384 EraserUtilRebootDrv - ok
00:52:10.0765 3384 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:52:11.0000 3384 Fastfat - ok
00:52:11.0312 3384 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:52:11.0468 3384 Fdc - ok
00:52:11.0562 3384 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:52:11.0750 3384 Fips - ok
00:52:12.0125 3384 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:52:12.0296 3384 Flpydisk - ok
00:52:12.0562 3384 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:52:12.0765 3384 FltMgr - ok
00:52:13.0171 3384 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:52:13.0375 3384 Fs_Rec - ok
00:52:13.0671 3384 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:52:13.0875 3384 Ftdisk - ok
00:52:14.0218 3384 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:52:14.0375 3384 Gpc - ok
00:52:14.0500 3384 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:52:14.0640 3384 HDAudBus - ok
00:52:15.0000 3384 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:52:15.0156 3384 HidUsb - ok
00:52:15.0375 3384 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
00:52:15.0531 3384 hpn - ok
00:52:16.0031 3384 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
00:52:16.0265 3384 HSF_DPV - ok
00:52:16.0718 3384 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
00:52:16.0796 3384 HSXHWAZL - ok
00:52:17.0203 3384 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:52:17.0359 3384 HTTP - ok
00:52:17.0703 3384 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
00:52:17.0843 3384 i2omgmt - ok
00:52:18.0343 3384 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
00:52:18.0515 3384 i2omp - ok
00:52:18.0890 3384 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:52:19.0046 3384 i8042prt - ok
00:52:19.0640 3384 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:52:19.0906 3384 Imapi - ok
00:52:20.0390 3384 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
00:52:20.0593 3384 ini910u - ok
00:52:21.0109 3384 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:52:21.0265 3384 IntelIde - ok
00:52:21.0671 3384 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:52:21.0828 3384 intelppm - ok
00:52:22.0171 3384 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:52:22.0343 3384 Ip6Fw - ok
00:52:22.0734 3384 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:52:22.0921 3384 IpFilterDriver - ok
00:52:23.0203 3384 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:52:23.0343 3384 IpInIp - ok
00:52:23.0578 3384 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:52:23.0906 3384 IpNat - ok
00:52:24.0218 3384 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:52:24.0468 3384 IPSec - ok
00:52:24.0890 3384 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:52:25.0078 3384 IRENUM - ok
00:52:25.0156 3384 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:52:25.0328 3384 isapnp - ok
00:52:25.0687 3384 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:52:25.0843 3384 Kbdclass - ok
00:52:25.0984 3384 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:52:26.0109 3384 kmixer - ok
00:52:26.0609 3384 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:52:26.0796 3384 KSecDD - ok
00:52:27.0109 3384 MBAMSwissArmy (376c6f143bdc33456f49d881742d663c) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
00:52:27.0125 3384 MBAMSwissArmy - ok
00:52:27.0296 3384 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
00:52:27.0343 3384 MCSTRM ( UnsignedFile.Multi.Generic ) - warning
00:52:27.0343 3384 MCSTRM - detected UnsignedFile.Multi.Generic (1)
00:52:27.0640 3384 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:52:27.0687 3384 mdmxsdk - ok
00:52:27.0875 3384 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
00:52:27.0953 3384 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
00:52:27.0953 3384 MHNDRV - detected UnsignedFile.Multi.Generic (1)
00:52:28.0109 3384 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:52:28.0312 3384 mnmdd - ok
00:52:28.0609 3384 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:52:28.0781 3384 Modem - ok
00:52:28.0984 3384 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:52:29.0140 3384 Mouclass - ok
00:52:29.0578 3384 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:52:29.0781 3384 mouhid - ok
00:52:30.0031 3384 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:52:30.0171 3384 MountMgr - ok
00:52:30.0296 3384 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:52:30.0468 3384 mraid35x - ok
00:52:30.0781 3384 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:52:30.0968 3384 MRxDAV - ok
00:52:31.0156 3384 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:52:31.0343 3384 MRxSmb - ok
00:52:31.0687 3384 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:52:31.0843 3384 Msfs - ok
00:52:32.0265 3384 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:52:32.0421 3384 MSKSSRV - ok
00:52:32.0812 3384 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:52:32.0937 3384 MSPCLOCK - ok
00:52:33.0171 3384 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:52:33.0375 3384 MSPQM - ok
00:52:33.0765 3384 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:52:33.0921 3384 mssmbios - ok
00:52:34.0453 3384 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:52:34.0546 3384 Mup - ok
00:52:35.0000 3384 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111223.019\NAVENG.SYS
00:52:35.0031 3384 NAVENG - ok
00:52:35.0703 3384 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111223.019\NAVEX15.SYS
00:52:36.0453 3384 NAVEX15 - ok
00:52:36.0875 3384 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:52:37.0296 3384 NDIS - ok
00:52:37.0671 3384 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:52:37.0765 3384 NdisTapi - ok
00:52:38.0156 3384 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:52:38.0328 3384 Ndisuio - ok
00:52:38.0593 3384 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:52:39.0156 3384 NdisWan - ok
00:52:39.0515 3384 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:52:39.0625 3384 NDProxy - ok
00:52:39.0718 3384 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:52:39.0859 3384 NetBIOS - ok
00:52:40.0125 3384 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:52:40.0250 3384 NetBT - ok
00:52:40.0359 3384 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:52:40.0500 3384 Npfs - ok
00:52:40.0812 3384 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:52:41.0000 3384 Ntfs - ok
00:52:41.0328 3384 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:52:41.0515 3384 Null - ok
00:52:42.0390 3384 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:52:42.0875 3384 nv - ok
00:52:43.0156 3384 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:52:43.0328 3384 NwlnkFlt - ok
00:52:43.0375 3384 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:52:43.0546 3384 NwlnkFwd - ok
00:52:43.0859 3384 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:52:44.0031 3384 Parport - ok
00:52:44.0265 3384 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:52:44.0406 3384 PartMgr - ok
00:52:44.0578 3384 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:52:44.0734 3384 ParVdm - ok
00:52:44.0890 3384 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:52:45.0046 3384 PCI - ok
00:52:45.0515 3384 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:52:45.0671 3384 PCIIde - ok
00:52:45.0781 3384 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:52:45.0921 3384 Pcmcia - ok
00:52:46.0328 3384 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
00:52:46.0531 3384 perc2 - ok
00:52:46.0625 3384 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:52:46.0781 3384 perc2hib - ok
00:52:47.0062 3384 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:52:47.0328 3384 PptpMiniport - ok
00:52:47.0562 3384 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
00:52:47.0718 3384 Processor - ok
00:52:47.0953 3384 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:52:48.0078 3384 PSched - ok
00:52:48.0359 3384 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:52:48.0515 3384 Ptilink - ok
00:52:48.0593 3384 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:52:48.0609 3384 PxHelp20 - ok
00:52:48.0875 3384 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:52:49.0046 3384 ql1080 - ok
00:52:49.0125 3384 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:52:49.0281 3384 Ql10wnt - ok
00:52:49.0515 3384 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:52:49.0656 3384 ql12160 - ok
00:52:49.0765 3384 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:52:49.0921 3384 ql1240 - ok
00:52:50.0046 3384 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:52:50.0218 3384 ql1280 - ok
00:52:50.0281 3384 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:52:50.0453 3384 RasAcd - ok
00:52:50.0750 3384 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:52:50.0906 3384 Rasl2tp - ok
00:52:51.0062 3384 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:52:51.0406 3384 RasPppoe - ok
00:52:51.0812 3384 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:52:51.0984 3384 Raspti - ok
00:52:52.0125 3384 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:52:52.0281 3384 Rdbss - ok
00:52:52.0562 3384 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:52:52.0718 3384 RDPCDD - ok
00:52:52.0796 3384 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:52:52.0921 3384 rdpdr - ok
00:52:53.0265 3384 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:52:53.0843 3384 RDPWD - ok
00:52:53.0953 3384 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:52:54.0265 3384 redbook - ok
00:52:54.0437 3384 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
00:52:54.0531 3384 rimmptsk - ok
00:52:54.0640 3384 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
00:52:54.0828 3384 sdbus - ok
00:52:55.0203 3384 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:52:55.0343 3384 Secdrv - ok
00:52:55.0687 3384 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:52:56.0031 3384 serenum - ok
00:52:56.0375 3384 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:52:56.0531 3384 Serial - ok
00:52:56.0734 3384 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:52:56.0890 3384 Sfloppy - ok
00:52:57.0031 3384 Simbad - ok
00:52:57.0343 3384 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:52:57.0500 3384 sisagp - ok
00:52:57.0843 3384 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:52:57.0937 3384 Sparrow - ok
00:52:58.0265 3384 SPBBCDrv (77780509a16a1df7f2d8531d21ddb9b9) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
00:52:58.0359 3384 SPBBCDrv - ok
00:52:58.0593 3384 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:52:58.0734 3384 splitter - ok
00:52:58.0890 3384 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:52:59.0031 3384 sr - ok
00:52:59.0421 3384 SRTSP (e217480cc878061d7603a8cdca06c188) C:\WINDOWS\system32\Drivers\SRTSP.SYS
00:52:59.0453 3384 SRTSP - ok
00:52:59.0906 3384 SRTSPL (cae71704badde6b0d5818acce20673ca) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
00:52:59.0968 3384 SRTSPL - ok
00:53:00.0359 3384 SRTSPX (be6f1ddde2ddab75225d83e6b03a2348) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
00:53:00.0375 3384 SRTSPX - ok
00:53:00.0578 3384 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:53:00.0734 3384 Srv - ok
00:53:00.0984 3384 ssmdrv (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
00:53:01.0015 3384 ssmdrv - ok
00:53:01.0218 3384 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
00:53:01.0500 3384 STHDA - ok
00:53:01.0765 3384 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:53:01.0921 3384 swenum - ok
00:53:02.0328 3384 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:53:02.0468 3384 swmidi - ok
00:53:02.0578 3384 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
00:53:02.0734 3384 symc810 - ok
00:53:03.0015 3384 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:53:03.0171 3384 symc8xx - ok
00:53:03.0328 3384 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
00:53:03.0359 3384 SymEvent - ok
00:53:03.0687 3384 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
00:53:03.0734 3384 symlcbrd - ok
00:53:03.0890 3384 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
00:53:03.0921 3384 SYMREDRV - ok
00:53:04.0218 3384 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
00:53:04.0250 3384 SYMTDI - ok
00:53:04.0421 3384 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:53:04.0593 3384 sym_hi - ok
00:53:04.0968 3384 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:53:05.0109 3384 sym_u3 - ok
00:53:05.0296 3384 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
00:53:05.0375 3384 SynTP - ok
00:53:05.0687 3384 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:53:05.0859 3384 sysaudio - ok
00:53:06.0078 3384 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:53:06.0265 3384 Tcpip - ok
00:53:06.0609 3384 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:53:06.0765 3384 TDPIPE - ok
00:53:07.0125 3384 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:53:07.0312 3384 TDTCP - ok
00:53:07.0875 3384 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:53:08.0046 3384 TermDD - ok
00:53:08.0640 3384 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
00:53:08.0812 3384 TosIde - ok
00:53:09.0312 3384 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
00:53:09.0453 3384 TrueSight ( UnsignedFile.Multi.Generic ) - warning
00:53:09.0453 3384 TrueSight - detected UnsignedFile.Multi.Generic (1)
00:53:10.0046 3384 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:53:10.0203 3384 Udfs - ok
00:53:10.0921 3384 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
00:53:11.0031 3384 ultra - ok
00:53:11.0781 3384 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:53:12.0125 3384 Update - ok
00:53:12.0593 3384 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:53:12.0734 3384 usbehci - ok
00:53:13.0062 3384 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:53:13.0453 3384 usbhub - ok
00:53:13.0781 3384 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:53:13.0921 3384 usbohci - ok
00:53:14.0375 3384 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:53:14.0546 3384 usbscan - ok
00:53:14.0812 3384 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:53:14.0937 3384 USBSTOR - ok
00:53:15.0062 3384 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:53:15.0234 3384 usbuhci - ok
00:53:15.0546 3384 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:53:15.0703 3384 VgaSave - ok
00:53:15.0812 3384 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:53:15.0953 3384 viaagp - ok
00:53:16.0187 3384 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
00:53:16.0328 3384 ViaIde - ok
00:53:16.0609 3384 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:53:16.0734 3384 VolSnap - ok
00:53:17.0000 3384 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:53:17.0125 3384 Wanarp - ok
00:53:17.0343 3384 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:53:17.0515 3384 wdmaud - ok
00:53:17.0859 3384 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
00:53:17.0921 3384 winachsf - ok
00:53:18.0203 3384 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
00:53:18.0359 3384 WmiAcpi - ok
00:53:18.0484 3384 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
00:53:18.0843 3384 WpdUsb - ok
00:53:18.0906 3384 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
00:53:19.0015 3384 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:53:19.0015 3384 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:53:19.0062 3384 Boot (0x1200) (652e12049d938806873116dc907f234d) \Device\Harddisk0\DR0\Partition0
00:53:19.0078 3384 \Device\Harddisk0\DR0\Partition0 - ok
00:53:19.0078 3384 ============================================================
00:53:19.0078 3384 Scan finished
00:53:19.0078 3384 ============================================================
00:53:19.0203 1032 Detected object count: 17
00:53:19.0203 1032 Actual detected object count: 17
00:54:06.0046 1032 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0046 1032 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0046 1032 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0046 1032 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0046 1032 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0046 1032 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0046 1032 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0046 1032 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0062 1032 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
00:54:06.0062 1032 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:06.0078 1032 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:54:06.0078 1032 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:54:28.0750 2272 ============================================================
00:54:28.0750 2272 Scan started
00:54:28.0750 2272 Mode: Manual; SigCheck; TDLFS;
00:54:28.0750 2272 ============================================================
00:54:30.0750 2272 Abiosdsk - ok
00:54:30.0859 2272 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:54:30.0953 2272 abp480n5 - ok
00:54:31.0343 2272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:54:31.0500 2272 ACPI - ok
00:54:31.0890 2272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
00:54:32.0046 2272 ACPIEC - ok
00:54:32.0125 2272 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:54:32.0281 2272 adpu160m - ok
00:54:32.0656 2272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:54:32.0781 2272 aec - ok
00:54:33.0000 2272 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:54:33.0031 2272 AFD - ok
00:54:33.0265 2272 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
00:54:33.0421 2272 agp440 - ok
00:54:33.0734 2272 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:54:33.0859 2272 agpCPQ - ok
00:54:33.0906 2272 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:54:34.0000 2272 Aha154x - ok
00:54:34.0359 2272 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:54:34.0515 2272 aic78u2 - ok
00:54:34.0593 2272 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:54:34.0734 2272 aic78xx - ok
00:54:35.0078 2272 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
00:54:35.0265 2272 AliIde - ok
00:54:35.0750 2272 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:54:35.0906 2272 alim1541 - ok
00:54:36.0203 2272 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:54:36.0343 2272 amdagp - ok
00:54:36.0796 2272 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
00:54:36.0875 2272 AmdK8 - ok
00:54:37.0296 2272 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
00:54:37.0406 2272 amsint - ok
00:54:37.0781 2272 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
00:54:37.0906 2272 APPDRV ( UnsignedFile.Multi.Generic ) - warning
00:54:37.0906 2272 APPDRV - detected UnsignedFile.Multi.Generic (1)
00:54:38.0312 2272 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
00:54:38.0484 2272 asc - ok
00:54:38.0859 2272 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:54:38.0953 2272 asc3350p - ok
00:54:39.0296 2272 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:54:39.0453 2272 asc3550 - ok
00:54:39.0828 2272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:54:39.0984 2272 AsyncMac - ok
00:54:40.0390 2272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:54:40.0531 2272 atapi - ok
00:54:40.0828 2272 Atdisk - ok
00:54:41.0406 2272 ati2mtag (e78b73eb84c257d0d940e041742d2699) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:54:41.0625 2272 ati2mtag - ok
00:54:41.0843 2272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:54:42.0000 2272 Atmarpc - ok
00:54:42.0078 2272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:54:42.0265 2272 audstub - ok
00:54:42.0796 2272 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:54:42.0921 2272 BCM43XX - ok
00:54:43.0328 2272 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
00:54:43.0343 2272 bcm4sbxp - ok
00:54:43.0718 2272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:54:43.0906 2272 Beep - ok
00:54:44.0218 2272 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:54:44.0390 2272 cbidf - ok
00:54:44.0406 2272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:54:44.0562 2272 cbidf2k - ok
00:54:44.0593 2272 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:54:44.0703 2272 cd20xrnt - ok
00:54:44.0734 2272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:54:44.0953 2272 Cdaudio - ok
00:54:45.0062 2272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:54:45.0218 2272 Cdfs - ok
00:54:45.0265 2272 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:54:45.0421 2272 Cdrom - ok
00:54:45.0453 2272 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:54:45.0640 2272 CmBatt - ok
00:54:45.0671 2272 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
00:54:45.0859 2272 CmdIde - ok
00:54:45.0953 2272 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:54:46.0109 2272 Compbatt - ok
00:54:46.0156 2272 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
00:54:46.0343 2272 Cpqarray - ok
00:54:46.0390 2272 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
00:54:46.0578 2272 dac2w2k - ok
00:54:46.0625 2272 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
00:54:46.0781 2272 dac960nt - ok
00:54:46.0859 2272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:54:47.0000 2272 Disk - ok
00:54:47.0062 2272 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
00:54:47.0078 2272 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
00:54:47.0078 2272 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
00:54:47.0109 2272 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
00:54:47.0156 2272 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
00:54:47.0156 2272 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
00:54:47.0171 2272 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
00:54:47.0203 2272 DLADResN ( UnsignedFile.Multi.Generic ) - warning
00:54:47.0203 2272 DLADResN - detected UnsignedFile.Multi.Generic (1)
00:54:47.0328 2272 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
00:54:47.0343 2272 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
00:54:47.0343 2272 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
00:54:47.0375 2272 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
00:54:47.0406 2272 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
00:54:47.0406 2272 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
00:54:47.0437 2272 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
00:54:47.0468 2272 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
00:54:47.0468 2272 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
00:54:47.0578 2272 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
00:54:47.0593 2272 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
00:54:47.0593 2272 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
00:54:47.0640 2272 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
00:54:47.0671 2272 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
00:54:47.0671 2272 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
00:54:47.0703 2272 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
00:54:47.0734 2272 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
00:54:47.0734 2272 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
00:54:47.0812 2272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:54:47.0968 2272 dmboot - ok
00:54:48.0093 2272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:54:48.0250 2272 dmio - ok
00:54:48.0281 2272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:54:48.0484 2272 dmload - ok
00:54:48.0578 2272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:54:48.0718 2272 DMusic - ok
00:54:48.0843 2272 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:54:48.0984 2272 dpti2o - ok
00:54:49.0046 2272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:54:49.0187 2272 drmkaud - ok
00:54:49.0234 2272 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
00:54:49.0265 2272 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
00:54:49.0265 2272 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
00:54:49.0296 2272 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
00:54:49.0328 2272 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
00:54:49.0328 2272 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
00:54:49.0390 2272 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
00:54:49.0421 2272 dsNcAdpt - ok
00:54:49.0562 2272 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
00:54:49.0593 2272 DSproct ( UnsignedFile.Multi.Generic ) - warning
00:54:49.0593 2272 DSproct - detected UnsignedFile.Multi.Generic (1)
00:54:49.0718 2272 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:54:49.0890 2272 E100B - ok
00:54:50.0156 2272 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:54:50.0203 2272 eeCtrl - ok
00:54:50.0250 2272 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:54:50.0265 2272 EraserUtilRebootDrv - ok
00:54:50.0390 2272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:54:50.0546 2272 Fastfat - ok
00:54:50.0593 2272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:54:50.0750 2272 Fdc - ok
00:54:50.0781 2272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:54:50.0953 2272 Fips - ok
00:54:51.0000 2272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:54:51.0156 2272 Flpydisk - ok
00:54:51.0296 2272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:54:51.0437 2272 FltMgr - ok
00:54:51.0468 2272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:54:51.0625 2272 Fs_Rec - ok
00:54:51.0640 2272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:54:51.0796 2272 Ftdisk - ok
00:54:51.0859 2272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:54:52.0031 2272 Gpc - ok
00:54:52.0171 2272 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:54:52.0312 2272 HDAudBus - ok
00:54:52.0343 2272 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:54:52.0500 2272 HidUsb - ok
00:54:52.0531 2272 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
00:54:52.0687 2272 hpn - ok
00:54:52.0765 2272 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
00:54:52.0843 2272 HSF_DPV - ok
00:54:52.0984 2272 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
00:54:53.0015 2272 HSXHWAZL - ok
00:54:53.0062 2272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:54:53.0093 2272 HTTP - ok
00:54:53.0156 2272 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
00:54:53.0296 2272 i2omgmt - ok
00:54:53.0406 2272 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
00:54:53.0546 2272 i2omp - ok
00:54:53.0578 2272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:54:53.0734 2272 i8042prt - ok
00:54:53.0765 2272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:54:53.0921 2272 Imapi - ok
00:54:54.0046 2272 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
00:54:54.0234 2272 ini910u - ok
00:54:54.0265 2272 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:54:54.0421 2272 IntelIde - ok
00:54:54.0468 2272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:54:54.0625 2272 intelppm - ok
00:54:54.0750 2272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:54:54.0890 2272 Ip6Fw - ok
00:54:54.0921 2272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:54:55.0093 2272 IpFilterDriver - ok
00:54:55.0156 2272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:54:55.0281 2272 IpInIp - ok
00:54:55.0312 2272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:54:55.0484 2272 IpNat - ok
00:54:55.0609 2272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:54:55.0765 2272 IPSec - ok
00:54:55.0781 2272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:54:55.0937 2272 IRENUM - ok
00:54:55.0968 2272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:54:56.0125 2272 isapnp - ok
00:54:56.0187 2272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:54:56.0328 2272 Kbdclass - ok
00:54:56.0421 2272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:54:56.0578 2272 kmixer - ok
00:54:56.0625 2272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:54:56.0671 2272 KSecDD - ok
00:54:56.0750 2272 MBAMSwissArmy (376c6f143bdc33456f49d881742d663c) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
00:54:56.0765 2272 MBAMSwissArmy - ok
00:54:56.0890 2272 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
00:54:56.0921 2272 MCSTRM ( UnsignedFile.Multi.Generic ) - warning
00:54:56.0921 2272 MCSTRM - detected UnsignedFile.Multi.Generic (1)
00:54:56.0968 2272 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:54:57.0000 2272 mdmxsdk - ok
00:54:57.0046 2272 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
00:54:57.0062 2272 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
00:54:57.0062 2272 MHNDRV - detected UnsignedFile.Multi.Generic (1)
00:54:57.0093 2272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:54:57.0250 2272 mnmdd - ok
00:54:57.0375 2272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:54:57.0515 2272 Modem - ok
00:54:57.0531 2272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:54:57.0687 2272 Mouclass - ok
00:54:57.0750 2272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:54:57.0921 2272 mouhid - ok
00:54:57.0968 2272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:54:58.0109 2272 MountMgr - ok
00:54:58.0593 2272 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:54:58.0750 2272 mraid35x - ok
00:54:58.0875 2272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:54:59.0015 2272 MRxDAV - ok
00:54:59.0125 2272 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:54:59.0203 2272 MRxSmb - ok
00:54:59.0312 2272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:54:59.0453 2272 Msfs - ok
00:54:59.0515 2272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:54:59.0656 2272 MSKSSRV - ok
00:54:59.0687 2272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:54:59.0875 2272 MSPCLOCK - ok
00:54:59.0890 2272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:55:00.0046 2272 MSPQM - ok
00:55:00.0171 2272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:55:00.0328 2272 mssmbios - ok
00:55:00.0390 2272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:55:00.0421 2272 Mup - ok
00:55:00.0640 2272 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111223.019\NAVENG.SYS
00:55:00.0656 2272 NAVENG - ok
00:55:00.0765 2272 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111223.019\NAVEX15.SYS
00:55:00.0921 2272 NAVEX15 - ok
00:55:01.0015 2272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:55:01.0187 2272 NDIS - ok
00:55:01.0234 2272 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:55:01.0265 2272 NdisTapi - ok
00:55:01.0296 2272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:55:01.0453 2272 Ndisuio - ok
00:55:01.0484 2272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:55:01.0640 2272 NdisWan - ok
00:55:01.0828 2272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:55:01.0859 2272 NDProxy - ok
00:55:01.0906 2272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:55:02.0062 2272 NetBIOS - ok
00:55:02.0093 2272 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:55:02.0234 2272 NetBT - ok
00:55:02.0296 2272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:55:02.0421 2272 Npfs - ok
00:55:02.0562 2272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:55:02.0718 2272 Ntfs - ok
00:55:02.0828 2272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:55:03.0015 2272 Null - ok
00:55:03.0109 2272 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:55:03.0250 2272 nv - ok
00:55:03.0359 2272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:55:03.0531 2272 NwlnkFlt - ok
00:55:03.0562 2272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:55:03.0734 2272 NwlnkFwd - ok
00:55:03.0765 2272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:55:03.0890 2272 Parport - ok
00:55:03.0953 2272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:55:04.0093 2272 PartMgr - ok
00:55:04.0187 2272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:55:04.0343 2272 ParVdm - ok
00:55:04.0375 2272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:55:04.0515 2272 PCI - ok
00:55:04.0546 2272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:55:04.0703 2272 PCIIde - ok
00:55:04.0750 2272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:55:04.0890 2272 Pcmcia - ok
00:55:04.0984 2272 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
00:55:05.0156 2272 perc2 - ok
00:55:05.0203 2272 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:55:05.0375 2272 perc2hib - ok
00:55:05.0453 2272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:55:05.0593 2272 PptpMiniport - ok
00:55:05.0609 2272 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
00:55:05.0765 2272 Processor - ok
00:55:05.0890 2272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:55:06.0031 2272 PSched - ok
00:55:06.0078 2272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:55:06.0234 2272 Ptilink - ok
00:55:06.0281 2272 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:55:06.0296 2272 PxHelp20 - ok
00:55:06.0328 2272 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:55:06.0484 2272 ql1080 - ok
00:55:06.0593 2272 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:55:06.0765 2272 Ql10wnt - ok
00:55:06.0812 2272 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:55:06.0968 2272 ql12160 - ok
00:55:07.0000 2272 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:55:07.0156 2272 ql1240 - ok
00:55:07.0203 2272 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:55:07.0375 2272 ql1280 - ok
00:55:07.0500 2272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:55:07.0640 2272 RasAcd - ok
00:55:07.0671 2272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:55:07.0828 2272 Rasl2tp - ok
00:55:07.0859 2272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:55:08.0015 2272 RasPppoe - ok
00:55:08.0031 2272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:55:08.0171 2272 Raspti - ok
00:55:08.0296 2272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:55:08.0437 2272 Rdbss - ok
00:55:08.0468 2272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:55:08.0640 2272 RDPCDD - ok
00:55:08.0687 2272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:55:08.0906 2272 rdpdr - ok
00:55:09.0031 2272 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:55:09.0078 2272 RDPWD - ok
00:55:09.0125 2272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:55:09.0281 2272 redbook - ok
00:55:09.0328 2272 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
00:55:09.0359 2272 rimmptsk - ok
00:55:09.0484 2272 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
00:55:09.0625 2272 sdbus - ok
00:55:09.0671 2272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:55:09.0843 2272 Secdrv - ok
00:55:09.0890 2272 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:55:10.0062 2272 serenum - ok
00:55:10.0156 2272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:55:10.0312 2272 Serial - ok
00:55:10.0343 2272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:55:10.0484 2272 Sfloppy - ok
00:55:10.0500 2272 Simbad - ok
00:55:10.0562 2272 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:55:10.0718 2272 sisagp - ok
00:55:10.0812 2272 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:55:10.0921 2272 Sparrow - ok
00:55:11.0062 2272 SPBBCDrv (77780509a16a1df7f2d8531d21ddb9b9) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
00:55:11.0125 2272 SPBBCDrv - ok
00:55:11.0171 2272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:55:11.0312 2272 splitter - ok
00:55:11.0500 2272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:55:11.0640 2272 sr - ok
00:55:11.0734 2272 SRTSP (e217480cc878061d7603a8cdca06c188) C:\WINDOWS\system32\Drivers\SRTSP.SYS
00:55:11.0765 2272 SRTSP - ok
00:55:11.0812 2272 SRTSPL (cae71704badde6b0d5818acce20673ca) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
00:55:11.0859 2272 SRTSPL - ok
00:55:11.0984 2272 SRTSPX (be6f1ddde2ddab75225d83e6b03a2348) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
00:55:12.0000 2272 SRTSPX - ok
00:55:12.0078 2272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:55:12.0171 2272 Srv - ok
00:55:12.0296 2272 ssmdrv (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
00:55:12.0328 2272 ssmdrv - ok
00:55:12.0468 2272 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
00:55:12.0562 2272 STHDA - ok
00:55:12.0703 2272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:55:12.0859 2272 swenum - ok
00:55:12.0921 2272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:55:13.0093 2272 swmidi - ok
00:55:13.0156 2272 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
00:55:13.0312 2272 symc810 - ok
00:55:13.0421 2272 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:55:13.0593 2272 symc8xx - ok
00:55:13.0687 2272 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
00:55:13.0718 2272 SymEvent - ok
00:55:13.0765 2272 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
00:55:13.0796 2272 symlcbrd - ok
00:55:13.0937 2272 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
00:55:14.0031 2272 SYMREDRV - ok
00:55:14.0109 2272 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
00:55:14.0140 2272 SYMTDI - ok
00:55:14.0187 2272 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:55:14.0343 2272 sym_hi - ok
00:55:14.0390 2272 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:55:14.0531 2272 sym_u3 - ok
00:55:14.0671 2272 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
00:55:14.0765 2272 SynTP - ok
00:55:14.0796 2272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:55:14.0937 2272 sysaudio - ok
00:55:14.0984 2272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:55:15.0078 2272 Tcpip - ok
00:55:15.0187 2272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:55:15.0343 2272 TDPIPE - ok
00:55:15.0375 2272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:55:15.0515 2272 TDTCP - ok
00:55:15.0578 2272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:55:15.0718 2272 TermDD - ok
00:55:15.0765 2272 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
00:55:15.0921 2272 TosIde - ok
00:55:16.0046 2272 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
00:55:16.0093 2272 TrueSight ( UnsignedFile.Multi.Generic ) - warning
00:55:16.0093 2272 TrueSight - detected UnsignedFile.Multi.Generic (1)
00:55:16.0156 2272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:55:16.0312 2272 Udfs - ok
00:55:16.0343 2272 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
00:55:16.0453 2272 ultra - ok
00:55:16.0640 2272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:55:16.0828 2272 Update - ok
00:55:16.0875 2272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:55:17.0031 2272 usbehci - ok
00:55:17.0062 2272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:55:17.0250 2272 usbhub - ok
00:55:17.0390 2272 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:55:17.0562 2272 usbohci - ok
00:55:17.0593 2272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:55:17.0750 2272 usbscan - ok
00:55:17.0781 2272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:55:17.0937 2272 USBSTOR - ok
00:55:18.0093 2272 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:55:18.0250 2272 usbuhci - ok
00:55:18.0312 2272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:55:18.0453 2272 VgaSave - ok
00:55:18.0515 2272 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:55:18.0671 2272 viaagp - ok
00:55:18.0921 2272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
00:55:19.0093 2272 ViaIde - ok
00:55:19.0140 2272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:55:19.0328 2272 VolSnap - ok
00:55:19.0390 2272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:55:19.0531 2272 Wanarp - ok
00:55:19.0640 2272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:55:19.0812 2272 wdmaud - ok
00:55:19.0937 2272 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
00:55:19.0984 2272 winachsf - ok
00:55:20.0203 2272 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
00:55:20.0359 2272 WmiAcpi - ok
00:55:20.0406 2272 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
00:55:20.0453 2272 WpdUsb - ok
00:55:20.0515 2272 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
00:55:20.0562 2272 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:55:20.0562 2272 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:55:20.0593 2272 Boot (0x1200) (652e12049d938806873116dc907f234d) \Device\Harddisk0\DR0\Partition0
00:55:20.0593 2272 \Device\Harddisk0\DR0\Partition0 - ok
00:55:20.0593 2272 ============================================================
00:55:20.0593 2272 Scan finished
00:55:20.0593 2272 ============================================================
00:55:20.0609 2636 Detected object count: 17
00:55:20.0609 2636 Actual detected object count: 17
00:56:10.0312 2636 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0312 2636 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0312 2636 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0328 2636 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0328 2636 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0328 2636 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0328 2636 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0328 2636 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0328 2636 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
00:56:10.0328 2636 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:56:10.0328 2636 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:56:10.0328 2636 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:56:18.0578 3592 Deinitialize success
  • 0

#45
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Lets now remove an item which was present in the TDSSKiller log, then we'll run ComboFix. Can you tell me if you are being redirected whilst browsing the internet?


1)
Run TDSSKiller using the same instructions as before and when you get to the following screen, the TDSS File System needs to be changed from Skip to Delete. You must leave all of the other items as Skip and then click Continue to remove the TDSS File System.

Posted Image


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



2)
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now





In your next reply
Please post the contents of...
TDSSKiller log
ComboFix log

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP