Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SLOOOOOOOWWWWWWW!?


  • This topic is locked This topic is locked

#1
fury1973

fury1973

    New Member

  • Member
  • Pip
  • 7 posts
Ever since I updated to Office 2007 it seems like my computer gets slower by the day.

I've tried almost every Malware/adware cleaner available, I've tried Malware Bytes, I've tried CCcleaner, I've turened off all RSS feeds, I'm tired of running in circles. Can some one take a look at the included log file and give me some clues?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:06:03 PM, on 11/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\Program Files\NewSoft\Presto! PageManager 7.16.60\Pmsb.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5437 bytes


Thanks for your help with this.
  • 0

Advertisements


#2
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi fury1973, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them. First, I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.

Now I'd like you to run a few scans to give me a better idea of what we are dealing with.

Step One: OTL Custom Scan

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    netsvcs
    C:\Windows\assembly\tmp\U\*.* /s 
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    conserv.dll
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the logs it produces in your next reply, OTL.txt and Extras.txt.

Step Two: aswMBR Scan

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select, No.
  • Click Scan to start the scan.
    Posted Image
  • When the scan ends click Save Log and save it to your desktop.
    Posted Image
  • Post the log in your next reply.

What I need in your next post:
1. The logs produced by OTL - OTL.txt and Extras.txt.
2. The log produced by aswMBR.
  • 0

#3
fury1973

fury1973

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I cannot download OTL program, when I try it pops up and asks me if I want to download, I select yes and it just shows a blank web page.
  • 0

#4
fury1973

fury1973

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Finally got it.
OTL logfile created on: 11/2/2011 2:38:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\James Milam\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 493.06 Mb Available Physical Memory | 48.62% Memory free
2.38 Gb Paging File | 2.04 Gb Available in Paging File | 85.47% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 45.92 Gb Free Space | 61.67% Space Free | Partition Type: NTFS
Drive H: | 67.82 Gb Total Space | 40.51 Gb Free Space | 59.73% Space Free | Partition Type: NTFS
Drive S: | 67.82 Gb Total Space | 40.51 Gb Free Space | 59.73% Space Free | Partition Type: NTFS

Computer Name: MILAMLAPTOP | User Name: James Milam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2011/11/02 14:35:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Milam\Desktop\OTL.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 18:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 11:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2008/02/22 14:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/12/05 19:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe


========== Modules (No Company Name) ==========

MOD - [2008/02/26 23:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
MOD - [2007/10/09 06:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/02/27 11:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 11:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2008/02/22 14:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/12/05 19:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/02/21 18:26:40 | 000,151,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
SRV - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2011/08/03 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111102.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111102.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/28 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/28 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/08 16:44:14 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/23 21:36:22 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/17 18:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/05/27 14:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/01/20 15:05:52 | 000,985,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/01/20 15:05:52 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/01/20 15:05:52 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/11/20 23:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/24 21:50:04 | 000,166,144 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwdelser.sys -- (NWDellPort)
DRV - [2008/08/24 21:50:04 | 000,166,144 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwdelmdm.sys -- (NWDellModem)
DRV - [2008/08/22 12:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/20 15:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx51.sys -- (SWUMX51) Sierra Wireless USB MUX Driver (UMTS51)
DRV - [2008/08/20 15:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u51.sys -- (SWNC8U51) Sierra Wireless MUX NDIS Driver (UMTS51)
DRV - [2007/12/05 19:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/11/28 18:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/10/09 06:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/07 11:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/03/13 01:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/17 08:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/12/19 16:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 14:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/05/18 09:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2003/06/10 10:55:20 | 000,023,712 | ---- | M] (NetChip Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NcBulk.SYS -- (NCBULK)
DRV - [2003/05/29 11:04:50 | 000,018,669 | ---- | M] (Noregon Systems) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SJ1708.sys -- (SJ1708)
DRV - [2002/05/16 17:20:20 | 000,059,685 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Nserial.sys -- (NSerial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1225248521-3855484110-3344216416-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1225248521-3855484110-3344216416-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1225248521-3855484110-3344216416-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-1225248521-3855484110-3344216416-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status[email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2010/07/23 11:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James Milam\Application Data\Mozilla\Extensions
[2010/07/23 11:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James Milam\Application Data\Mozilla\Extensions\[email protected]
[2011/10/02 11:55:07 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1225248521-3855484110-3344216416-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1225248521-3855484110-3344216416-1005\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1225248521-3855484110-3344216416-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 63.241.156.107 63.241.156.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFA3FCFB-FA28-43B2-9515-E306FAC60657}: DhcpNameServer = 63.241.156.107 63.241.156.108
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\James Milam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James Milam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/04/09 07:41:24 | 000,000,029 | ---- | M] () - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/12 17:36:22 | 000,002,268 | ---- | M] () - C:\Autorun.PNF -- [ NTFS ]
O33 - MountPoints2\{99123243-ff1b-11de-9f63-b3576da673bb}\Shell - "" = AutoRun
O33 - MountPoints2\{99123243-ff1b-11de-9f63-b3576da673bb}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2011/11/02 14:35:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Milam\Desktop\OTL.exe
[2011/11/01 16:43:12 | 000,738,080 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\James Milam\Desktop\autoruns.exe
[2011/10/30 12:19:13 | 000,000,000 | ---D | C] -- C:\logs
[2011/10/30 12:17:52 | 000,102,400 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnwupd.dll
[2011/10/30 12:17:52 | 000,017,064 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnwupd.exe
[2011/10/30 12:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2600 Series
[2011/10/30 12:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark 2600 Series
[2011/10/30 12:17:40 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2011/10/30 12:17:40 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2011/10/30 12:17:40 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2011/10/30 12:17:40 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2011/10/30 12:17:40 | 000,524,288 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnutil.dll
[2011/10/30 12:17:40 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2011/10/30 12:17:40 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2011/10/30 12:17:40 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2011/10/30 12:17:40 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2011/10/30 12:17:40 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdninsb.dll
[2011/10/30 12:17:40 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnins.dll
[2011/10/30 12:17:40 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnjswr.dll
[2011/10/30 12:17:40 | 000,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdninsr.dll
[2011/10/30 12:17:40 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2011/10/30 12:17:39 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxdngf.dll
[2011/10/30 12:17:39 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2011/10/30 12:17:39 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2011/10/30 12:17:39 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2011/10/30 12:17:39 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2011/10/30 12:17:39 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2011/10/30 12:17:39 | 000,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdncub.dll
[2011/10/30 12:17:39 | 000,077,906 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\LXDNcfg.dll
[2011/10/30 12:17:39 | 000,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdncu.dll
[2011/10/30 12:17:39 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdncur.dll
[2011/10/29 22:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Milam\Local Settings\Application Data\WinZip
[2011/10/29 22:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/10/29 22:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/29 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/10/05 13:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Milam\Start Menu\Programs\Dell Inc
[2011/10/05 12:17:43 | 000,434,252 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCRTD.dll
[2011/10/05 11:34:33 | 054,735,960 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R151519.EXE
[2011/10/05 11:29:31 | 003,627,472 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R129472.EXE
[2011/10/05 11:27:02 | 028,161,200 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R115564.EXE
[2011/10/05 11:26:58 | 006,131,912 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R111827.EXE
[2011/10/05 11:26:16 | 012,274,200 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R87462.EXE
[2011/10/05 11:23:47 | 008,885,080 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R82742.EXE
[2011/10/05 11:23:47 | 008,874,624 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R87461.EXE
[2011/10/05 11:23:47 | 006,752,776 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R78499.EXE
[2011/10/04 16:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Milam\Start Menu\Programs\HiJackThis
[2011/10/04 16:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/29 09:37:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/09/28 09:57:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\James Milam\Recent
[2011/09/26 11:41:20 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/13 10:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BrotherScanner
[2011/09/13 10:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2011/09/13 10:26:49 | 000,413,696 | ---- | C] (Brother International) -- C:\WINDOWS\System32\DSMOB600.DLL
[2011/09/13 10:26:48 | 000,214,528 | ---- | C] (Document Capture Technologies, Inc.) -- C:\WINDOWS\System32\DS600WUI.DLL
[2011/09/13 10:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Brother
[2011/09/13 10:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2011/09/13 10:24:38 | 000,000,000 | ---D | C] -- C:\BROTHER
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2011/11/02 14:35:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Milam\Desktop\OTL.exe
[2011/11/02 14:16:04 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/02 09:51:55 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A81D4A29-C5CB-4FF5-805A-68A764B9D154}.job
[2011/11/01 16:55:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/01 16:54:50 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/01 16:53:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/01 16:52:31 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/01 16:47:51 | 001,762,376 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\AutoRuns.arn
[2011/11/01 16:43:39 | 000,738,080 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\James Milam\Desktop\autoruns.exe
[2011/11/01 15:05:41 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\HiJackThis.lnk
[2011/11/01 09:47:52 | 000,353,760 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\CF Parts list.pdf
[2011/10/30 12:19:37 | 000,016,878 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/10/26 15:10:00 | 002,224,670 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\Stupidpeopleandguns.wmv
[2011/10/24 16:35:21 | 000,270,683 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\Radio repair form.pdf
[2011/10/20 10:58:39 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 10:46:08 | 000,446,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/20 10:46:08 | 000,073,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/20 10:34:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/19 11:32:31 | 000,001,846 | -H-- | M] () -- C:\Documents and Settings\James Milam\My Documents\Default.rdp
[2011/10/10 12:32:00 | 000,041,344 | ---- | M] () -- C:\Documents and Settings\James Milam\My Documents\Schwing America Invoice.pdf
[2011/10/05 13:26:05 | 008,682,840 | ---- | M] () -- C:\Documents and Settings\James Milam\My Documents\R151334.EXE
[2011/10/05 13:26:03 | 012,149,512 | ---- | M] () -- C:\Documents and Settings\James Milam\My Documents\R151336.EXE
[2011/10/05 13:25:26 | 005,707,464 | ---- | M] () -- C:\Documents and Settings\James Milam\My Documents\R151327.exe
[2011/10/05 11:54:14 | 034,888,064 | ---- | M] () -- C:\Documents and Settings\James Milam\My Documents\INTEL_MULTI-DEVICE_A18_R257684.exe
[2011/10/05 11:51:12 | 054,735,960 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R151519.EXE
[2011/10/05 11:49:38 | 054,750,848 | ---- | M] () -- C:\Documents and Settings\James Milam\My Documents\R151517.EXE
[2011/10/05 11:49:33 | 054,730,232 | ---- | M] () -- C:\Documents and Settings\James Milam\My Documents\R140747.EXE
[2011/10/05 11:34:33 | 028,161,200 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R115564.EXE
[2011/10/05 11:32:37 | 005,265,232 | ---- | M] () -- C:\Documents and Settings\James Milam\My Documents\R132254.EXE
[2011/10/05 11:32:19 | 003,627,472 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R129472.EXE
[2011/10/05 11:30:00 | 006,131,912 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R111827.EXE
[2011/10/05 11:29:31 | 012,274,200 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R87462.EXE
[2011/10/05 11:27:02 | 008,874,624 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R87461.EXE
[2011/10/05 11:26:58 | 008,885,080 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R82742.EXE
[2011/10/05 11:26:16 | 006,752,776 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\James Milam\My Documents\R78499.EXE
[2011/10/04 16:49:51 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/10/03 04:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/30 13:00:00 | 003,023,808 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\EGR s60techguide.pdf
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/06 09:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/09/06 09:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/01 16:47:50 | 001,762,376 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\AutoRuns.arn
[2011/11/01 09:47:49 | 000,353,760 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\CF Parts list.pdf
[2011/10/30 12:18:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2011/10/30 12:18:45 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2011/10/30 12:18:35 | 000,077,304 | ---- | C] () -- C:\WINDOWS\System32\lxdnprpr.chm
[2011/10/30 12:18:11 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2011/10/30 12:18:11 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2011/10/30 12:18:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2011/10/30 12:17:40 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2011/10/30 12:17:40 | 000,016,878 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/10/30 12:17:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2011/10/30 12:17:39 | 000,001,633 | ---- | C] () -- C:\WINDOWS\System32\lxdn.loc
[2011/10/26 15:10:00 | 002,224,670 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\Stupidpeopleandguns.wmv
[2011/10/24 16:35:17 | 000,270,683 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\Radio repair form.pdf
[2011/10/20 10:31:39 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/10 12:32:00 | 000,041,344 | ---- | C] () -- C:\Documents and Settings\James Milam\My Documents\Schwing America Invoice.pdf
[2011/10/05 13:22:29 | 012,149,512 | ---- | C] () -- C:\Documents and Settings\James Milam\My Documents\R151336.EXE
[2011/10/05 13:22:29 | 008,682,840 | ---- | C] () -- C:\Documents and Settings\James Milam\My Documents\R151334.EXE
[2011/10/05 13:22:29 | 005,707,464 | ---- | C] () -- C:\Documents and Settings\James Milam\My Documents\R151327.exe
[2011/10/05 11:49:33 | 034,888,064 | ---- | C] () -- C:\Documents and Settings\James Milam\My Documents\INTEL_MULTI-DEVICE_A18_R257684.exe
[2011/10/05 11:32:37 | 054,750,848 | ---- | C] () -- C:\Documents and Settings\James Milam\My Documents\R151517.EXE
[2011/10/05 11:32:19 | 054,730,232 | ---- | C] () -- C:\Documents and Settings\James Milam\My Documents\R140747.EXE
[2011/10/05 11:30:00 | 005,265,232 | ---- | C] () -- C:\Documents and Settings\James Milam\My Documents\R132254.EXE
[2011/10/04 16:54:30 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\HiJackThis.lnk
[2011/09/30 13:00:00 | 003,023,808 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\EGR s60techguide.pdf
[2011/09/29 09:37:13 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2011/08/29 10:37:53 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\KmTwain.ini
[2011/08/29 10:33:35 | 000,000,535 | ---- | C] () -- C:\WINDOWS\KPUNINST.INI
[2011/08/29 10:33:31 | 000,001,119 | ---- | C] () -- C:\WINDOWS\KPFLIST.INI
[2011/07/28 14:14:07 | 000,002,604 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/03/31 10:26:12 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2011/01/30 02:29:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/13 20:22:38 | 000,136,507 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2010/08/13 20:22:38 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2010/05/04 16:26:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2010/05/04 16:26:55 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/04/27 13:31:57 | 000,083,968 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2010/01/13 11:43:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI
[2010/01/13 10:38:04 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP13.INI
[2010/01/11 17:35:43 | 000,002,473 | ---- | C] () -- C:\WINDOWS\DG121032.INI
[2010/01/11 17:35:41 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\DPAMRP32.dll
[2010/01/11 17:33:42 | 000,000,054 | ---- | C] () -- C:\WINDOWS\RP121032.INI
[2010/01/11 17:33:41 | 000,004,050 | ---- | C] () -- C:\WINDOWS\nsirp32.ini
[2010/01/11 17:21:20 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/01/11 16:56:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Milam\Local Settings\Application Data\WavXMapDrive.bat
[2010/01/11 16:46:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/01/11 16:32:21 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/11 16:31:46 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2010/01/11 16:31:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2010/01/11 16:31:39 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2010/01/11 16:26:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/01/11 16:26:27 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/01/11 16:26:26 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/01/08 20:00:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2010/01/08 20:00:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2010/01/08 19:56:31 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/13 16:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 16:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 16:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 16:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 16:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 16:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 16:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/13 16:32:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\CacheFP.exe
[2007/09/12 17:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 17:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 17:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 17:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 17:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 17:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 17:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 17:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 17:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 17:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/06/15 12:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 13:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 000,283,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/11 19:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/11 19:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/11 19:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/11 19:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,446,360 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,073,400 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Custom Scans ==========


< C:\Windows\assembly\tmp\U\*.* /s >

< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.INF >
[2004/08/04 07:00:00 | 000,001,095 | ---- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\i386\volsnap.inf
[2004/08/04 07:00:00 | 000,001,095 | ---- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINDOWS\inf\volsnap.inf

< MD5 for: VOLSNAP.PNF >
[2010/01/11 16:06:50 | 000,004,964 | ---- | M] () MD5=5C7A9D1B671944FE01FE5E74AB91CA69 -- C:\WINDOWS\inf\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

< End of report >




OTL Extras logfile created on: 11/2/2011 2:38:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\James Milam\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 493.06 Mb Available Physical Memory | 48.62% Memory free
2.38 Gb Paging File | 2.04 Gb Available in Paging File | 85.47% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 45.92 Gb Free Space | 61.67% Space Free | Partition Type: NTFS
Drive H: | 67.82 Gb Total Space | 40.51 Gb Free Space | 59.73% Space Free | Partition Type: NTFS
Drive S: | 67.82 Gb Total Space | 40.51 Gb Free Space | 59.73% Space Free | Partition Type: NTFS

Computer Name: MILAMLAPTOP | User Name: James Milam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1225248521-3855484110-3344216416-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Kyocera\KACT\KACT.exe" = C:\Program Files\Kyocera\KACT\KACT.exe:*:Enabled:KACT -- (KYOCERA MITA CORPORATION)
"C:\WINDOWS\system32\lxdncoms.exe" = C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B93B3A-283F-411B-A648-69CABCACC986}" = Canon MF Drivers
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf01
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1BDEB6E2-6706-4132-A5D3-99190C6BECD8}" = DSmobile 600
"{240B610F-AC34-11D5-AECD-000475391779}" = V-MAC III Service Tools
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{610D8516-AFF0-494B-B16A-663282B97EE4}" = AutoLink
"{6567F265-62EC-4BA9-9629-6B483B608854}" = SmarterMail Sync for Outlook 2003 and above
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C6}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{E428B557-A5D7-4F38-ACD9-1BEFBBF3ABB3}" = Presto! PageManager 7.16
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8528FEA-B172-11D4-9AF9-0050DA1FF751}" = Noregon Standalone RP1210A API
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{EF775EA3-7AA1-49F5-A900-DCDA50610E03}" = Dell Mobile Broadband Card Utility
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FF21E219-85A1-474F-B4D3-7D0505E21731}" = Kyocera TWAIN Driver
"23C892DBF52DDAF3C9BD2BB6E9805E79FCD09A67" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"A2E63BDAC649E514867CB43CE0B4F9DB111206C2" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Dearborn Group DG1210" = Dearborn Group DG1210
"FTDICOMM" = FTDI USB Serial Converter Drivers
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{FF21E219-85A1-474F-B4D3-7D0505E21731}" = Kyocera TWAIN Driver
"KPrint" = KPrint
"Kyocera KM-5050 Product Library" = Kyocera KM-5050 Product Library
"Lexmark 2600 Series" = Lexmark 2600 Series
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"ST6UNST #1" = Schwing Parts Catalog
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME 2.8.2.2264
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1225248521-3855484110-3344216416-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2011 10:10:07 PM | Computer Name = MILAMLAPTOP | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/27/2011 9:44:09 AM | Computer Name = MILAMLAPTOP | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3776 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 10/27/2011 9:44:09 AM | Computer Name = MILAMLAPTOP | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 10/27/2011 9:44:12 AM | Computer Name = MILAMLAPTOP | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 10/29/2011 4:32:00 PM | Computer Name = MILAMLAPTOP | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/29/2011 9:44:43 PM | Computer Name = MILAMLAPTOP | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 11/1/2011 4:55:36 PM | Computer Name = MILAMLAPTOP | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 3904 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 11/1/2011 4:55:36 PM | Computer Name = MILAMLAPTOP | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 11/1/2011 5:08:06 PM | Computer Name = MILAMLAPTOP | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 11/1/2011 6:08:41 PM | Computer Name = MILAMLAPTOP | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

[ System Events ]
Error - 11/2/2011 2:38:21 PM | Computer Name = MILAMLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/2/2011 2:38:21 PM | Computer Name = MILAMLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/2/2011 2:38:23 PM | Computer Name = MILAMLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/2/2011 2:43:50 PM | Computer Name = MILAMLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/2/2011 2:43:50 PM | Computer Name = MILAMLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/2/2011 2:43:51 PM | Computer Name = MILAMLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/2/2011 2:43:51 PM | Computer Name = MILAMLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/2/2011 2:43:53 PM | Computer Name = MILAMLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/2/2011 2:49:20 PM | Computer Name = MILAMLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/2/2011 2:49:27 PM | Computer Name = MILAMLAPTOP | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >
  • 0

#5
fury1973

fury1973

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-02 15:26:22
-----------------------------
15:26:22.406 OS Version: Windows 5.1.2600 Service Pack 3
15:26:22.406 Number of processors: 2 586 0xF02
15:26:22.406 ComputerName: MILAMLAPTOP UserName: James Milam
15:26:25.937 Initialize success
15:26:34.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:26:34.375 Disk 0 Vendor: SAMSUNG_HS08XJC GR100-05 Size: 76319MB BusType: 3
15:26:34.687 Disk 0 MBR read successfully
15:26:34.687 Disk 0 MBR scan
15:26:34.687 Disk 0 Windows XP default MBR code
15:26:34.703 Disk 0 scanning sectors +156280320
15:26:34.812 Disk 0 scanning C:\WINDOWS\system32\drivers
15:26:46.328 Service scanning
15:26:47.046 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
15:26:47.046 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
15:26:47.078 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
15:26:47.093 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
15:26:47.593 Modules scanning
15:27:05.218 Disk 0 trace - called modules:
15:27:05.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:27:05.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d6dab8]
15:27:05.671 3 CLASSPNP.SYS[f757efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d47940]
15:27:05.687 Scan finished successfully
15:27:17.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James Milam\Desktop\MBR.dat"
15:27:17.437 The log file has been saved successfully to "C:\Documents and Settings\James Milam\Desktop\aswMBR.txt"
  • 0

#6
fury1973

fury1973

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Are you still working on this?
  • 0

#7
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Yes I am. Please keep in mind that I am still in training and my responses have to be checked by an expert before I can post them. I am currently reviewing your logs and will have more steps for you soon.
  • 0

#8
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi fury1973,

Step One: ERUNT
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be extremely dangerous if you do not know exactly what you are doing so follow the steps that are listed below exactly. If you cannot perform some of these steps or if you have any questions please ask before proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image
Registry Modifications

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe



Step Two: OTL Fix
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-1225248521-3855484110-3344216416-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1225248521-3855484110-3344216416-1005\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
    O33 - MountPoints2\{99123243-ff1b-11de-9f63-b3576da673bb}\Shell - "" = AutoRun
    O33 - MountPoints2\{99123243-ff1b-11de-9f63-b3576da673bb}\Shell\AutoRun - "" = Auto&Play
    [2011/03/31 10:26:12 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=dword:00000000
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Three: Run TDSSKiller
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


What I need in your next post:
1. The log from the OTL fix and the log form the new OTL scan, OTL.txt.
2. The log from TDSSKiller, "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
  • 0

#9
fury1973

fury1973

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
The TDSKiller found 6 suspicious files but it didn't allow me to cure,fix,reboot or otherwise once I clicked continue it said "No problems found" and close was my only option.



OTL logfile created on: 11/4/2011 4:51:51 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\James Milam\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 423.24 Mb Available Physical Memory | 41.74% Memory free
2.38 Gb Paging File | 1.96 Gb Available in Paging File | 82.11% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 46.44 Gb Free Space | 62.37% Space Free | Partition Type: NTFS
Drive H: | 67.82 Gb Total Space | 40.48 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive S: | 67.82 Gb Total Space | 40.48 Gb Free Space | 59.69% Space Free | Partition Type: NTFS

Computer Name: MILAMLAPTOP | User Name: James Milam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/02 14:35:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Milam\Desktop\OTL.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 18:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 11:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2008/02/22 14:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/12/05 19:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/20 11:07:08 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
MOD - [2011/10/20 11:07:00 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/20 10:54:44 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/20 10:54:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/20 10:53:46 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/20 10:48:03 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/20 10:47:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/20 10:42:07 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2011/02/15 14:08:23 | 000,423,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\office.dll
MOD - [2011/02/11 11:24:56 | 000,004,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
MOD - [2011/02/11 11:23:25 | 000,920,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2009/02/14 06:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/07/22 13:13:22 | 000,524,288 | ---- | M] () -- C:\Program Files\SmarterTools\SmarterMail Sync\Outlook\SmarterMailSync.dll
MOD - [2008/02/26 23:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
MOD - [2007/10/09 06:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/02/27 11:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 11:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2008/02/22 14:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/12/05 19:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/02/21 18:26:40 | 000,151,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
SRV - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2011/08/03 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111104.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111104.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/28 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/28 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/23 21:36:22 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/17 18:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/05/27 14:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/01/20 15:05:52 | 000,985,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/01/20 15:05:52 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/01/20 15:05:52 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/11/20 23:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/24 21:50:04 | 000,166,144 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwdelser.sys -- (NWDellPort)
DRV - [2008/08/24 21:50:04 | 000,166,144 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwdelmdm.sys -- (NWDellModem)
DRV - [2008/08/22 12:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/20 15:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx51.sys -- (SWUMX51) Sierra Wireless USB MUX Driver (UMTS51)
DRV - [2008/08/20 15:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u51.sys -- (SWNC8U51) Sierra Wireless MUX NDIS Driver (UMTS51)
DRV - [2007/12/05 19:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/11/28 18:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/10/09 06:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/07 11:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/03/13 01:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/17 08:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/12/19 16:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 14:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/05/18 09:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2003/06/10 10:55:20 | 000,023,712 | ---- | M] (NetChip Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NcBulk.SYS -- (NCBULK)
DRV - [2003/05/29 11:04:50 | 000,018,669 | ---- | M] (Noregon Systems) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SJ1708.sys -- (SJ1708)
DRV - [2002/05/16 17:20:20 | 000,059,685 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Nserial.sys -- (NSerial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2010/07/23 11:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James Milam\Application Data\Mozilla\Extensions
[2010/07/23 11:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James Milam\Application Data\Mozilla\Extensions\[email protected]
[2011/10/02 11:55:07 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\James Milam\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 63.241.156.107 63.241.156.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFA3FCFB-FA28-43B2-9515-E306FAC60657}: DhcpNameServer = 63.241.156.107 63.241.156.108
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\James Milam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James Milam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/04/09 07:41:24 | 000,000,029 | ---- | M] () - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/12 17:36:22 | 000,002,268 | ---- | M] () - C:\Autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 16:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Wave Systems Corp
[2011/11/04 16:36:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 16:35:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/04 16:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/04 16:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/04 16:31:00 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\James Milam\Desktop\erunt_setup.exe
[2011/11/02 15:25:58 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\James Milam\Desktop\aswMBR.exe
[2011/11/02 14:35:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Milam\Desktop\OTL.exe
[2011/11/01 16:43:12 | 000,738,080 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\James Milam\Desktop\autoruns.exe
[2011/10/30 12:19:13 | 000,000,000 | ---D | C] -- C:\logs
[2011/10/30 12:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2600 Series
[2011/10/30 12:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark 2600 Series
[2011/10/30 12:17:40 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2011/10/30 12:17:40 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2011/10/30 12:17:40 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2011/10/30 12:17:40 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2011/10/30 12:17:40 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2011/10/30 12:17:40 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2011/10/30 12:17:40 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2011/10/30 12:17:40 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2011/10/30 12:17:40 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2011/10/30 12:17:39 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2011/10/30 12:17:39 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2011/10/30 12:17:39 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2011/10/30 12:17:39 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2011/10/30 12:17:39 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2011/10/29 22:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Milam\Local Settings\Application Data\WinZip
[2011/10/29 22:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/10/29 22:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/29 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/04 16:46:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/04 16:45:22 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/04 16:44:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/04 16:43:52 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/04 16:35:19 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\James Milam\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/04 16:31:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\James Milam\Desktop\erunt_setup.exe
[2011/11/04 16:16:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/04 14:03:27 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A81D4A29-C5CB-4FF5-805A-68A764B9D154}.job
[2011/11/03 15:36:57 | 000,310,420 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\Flex-A-lite 11224 (30206).pdf
[2011/11/02 15:27:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\MBR.dat
[2011/11/02 15:26:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\James Milam\Desktop\aswMBR.exe
[2011/11/02 14:35:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Milam\Desktop\OTL.exe
[2011/11/01 16:47:51 | 001,762,376 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\AutoRuns.arn
[2011/11/01 16:43:39 | 000,738,080 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\James Milam\Desktop\autoruns.exe
[2011/11/01 15:05:41 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\HiJackThis.lnk
[2011/11/01 09:47:52 | 000,353,760 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\CF Parts list.pdf
[2011/10/30 12:19:37 | 000,016,878 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/10/26 15:10:00 | 002,224,670 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\Stupidpeopleandguns.wmv
[2011/10/24 16:35:21 | 000,270,683 | ---- | M] () -- C:\Documents and Settings\James Milam\Desktop\Radio repair form.pdf
[2011/10/20 10:58:39 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 10:46:08 | 000,446,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/20 10:46:08 | 000,073,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/20 10:34:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/19 11:32:31 | 000,001,846 | -H-- | M] () -- C:\Documents and Settings\James Milam\My Documents\Default.rdp
[2011/10/10 12:32:00 | 000,041,344 | ---- | M] () -- C:\Documents and Settings\James Milam\My Documents\Schwing America Invoice.pdf
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/04 16:35:19 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\James Milam\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/03 15:36:53 | 000,310,420 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\Flex-A-lite 11224 (30206).pdf
[2011/11/02 15:27:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\MBR.dat
[2011/11/01 16:47:50 | 001,762,376 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\AutoRuns.arn
[2011/11/01 09:47:49 | 000,353,760 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\CF Parts list.pdf
[2011/10/30 12:18:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2011/10/30 12:18:45 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2011/10/30 12:18:35 | 000,077,304 | ---- | C] () -- C:\WINDOWS\System32\lxdnprpr.chm
[2011/10/30 12:18:11 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2011/10/30 12:18:11 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2011/10/30 12:18:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2011/10/30 12:17:40 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2011/10/30 12:17:40 | 000,016,878 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/10/30 12:17:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2011/10/30 12:17:39 | 000,001,633 | ---- | C] () -- C:\WINDOWS\System32\lxdn.loc
[2011/10/26 15:10:00 | 002,224,670 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\Stupidpeopleandguns.wmv
[2011/10/24 16:35:17 | 000,270,683 | ---- | C] () -- C:\Documents and Settings\James Milam\Desktop\Radio repair form.pdf
[2011/10/20 10:31:39 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/10 12:32:00 | 000,041,344 | ---- | C] () -- C:\Documents and Settings\James Milam\My Documents\Schwing America Invoice.pdf
[2011/09/29 09:37:13 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2011/08/29 10:37:53 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\KmTwain.ini
[2011/08/29 10:33:35 | 000,000,535 | ---- | C] () -- C:\WINDOWS\KPUNINST.INI
[2011/08/29 10:33:31 | 000,001,119 | ---- | C] () -- C:\WINDOWS\KPFLIST.INI
[2011/07/28 14:14:07 | 000,002,604 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/01/30 02:29:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/13 20:22:38 | 000,136,507 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2010/08/13 20:22:38 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2010/05/04 16:26:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2010/05/04 16:26:55 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/04/27 13:31:57 | 000,083,968 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2010/01/13 11:43:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI
[2010/01/13 10:38:04 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP13.INI
[2010/01/11 17:35:43 | 000,002,473 | ---- | C] () -- C:\WINDOWS\DG121032.INI
[2010/01/11 17:35:41 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\DPAMRP32.dll
[2010/01/11 17:33:42 | 000,000,054 | ---- | C] () -- C:\WINDOWS\RP121032.INI
[2010/01/11 17:33:41 | 000,004,050 | ---- | C] () -- C:\WINDOWS\nsirp32.ini
[2010/01/11 17:21:20 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/01/11 16:56:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James Milam\Local Settings\Application Data\WavXMapDrive.bat
[2010/01/11 16:46:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/01/11 16:32:21 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/11 16:31:46 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2010/01/11 16:31:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2010/01/11 16:31:39 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2010/01/11 16:26:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/01/11 16:26:27 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/01/11 16:26:26 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/01/08 20:00:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2010/01/08 20:00:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2010/01/08 19:56:31 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/13 16:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 16:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 16:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 16:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 16:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 16:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 16:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/13 16:32:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\CacheFP.exe
[2007/09/12 17:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 17:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 17:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 17:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 17:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 17:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 17:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 17:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 17:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 17:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/06/15 12:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 13:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 000,283,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,446,360 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,073,400 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/07/27 14:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/04/19 18:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/01/12 16:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/01/13 10:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2011/07/25 09:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pc health check
[2011/07/21 12:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2010/07/23 11:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/07/25 09:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2011/07/27 14:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/10/29 22:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/11 17:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\AT&T
[2011/06/20 16:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\Canon
[2010/01/11 17:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\DBUpdater
[2010/12/19 22:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\FCTB000062781
[2011/02/10 11:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\FreeFileViewer
[2010/08/06 20:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\HughesNet Download Manager
[2011/06/23 14:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\NewSoft
[2010/02/05 13:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\Nitro PDF
[2010/01/11 17:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\Sierra Wireless
[2011/07/21 12:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\spotmau
[2010/01/11 16:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\TeamViewer
[2010/07/23 11:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\TomTom
[2011/07/28 14:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\uTorrent
[2010/01/11 16:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\Wave Systems Corp
[2011/02/11 12:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Milam\Application Data\Windows Search
[2011/11/04 14:03:27 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A81D4A29-C5CB-4FF5-805A-68A764B9D154}.job

========== Purity Check ==========



< End of report >
16:59:31.0593 0164 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
16:59:32.0187 0164 ============================================================
16:59:32.0187 0164 Current date / time: 2011/11/04 16:59:32.0187
16:59:32.0187 0164 SystemInfo:
16:59:32.0187 0164
16:59:32.0187 0164 OS Version: 5.1.2600 ServicePack: 3.0
16:59:32.0187 0164 Product type: Workstation
16:59:32.0187 0164 ComputerName: MILAMLAPTOP
16:59:32.0187 0164 UserName: James Milam
16:59:32.0187 0164 Windows directory: C:\WINDOWS
16:59:32.0187 0164 System windows directory: C:\WINDOWS
16:59:32.0187 0164 Processor architecture: Intel x86
16:59:32.0187 0164 Number of processors: 2
16:59:32.0187 0164 Page size: 0x1000
16:59:32.0187 0164 Boot type: Normal boot
16:59:32.0187 0164 ============================================================
16:59:34.0093 0164 Initialize success
17:00:12.0515 0796 ============================================================
17:00:12.0515 0796 Scan started
17:00:12.0515 0796 Mode: Manual; SigCheck; TDLFS;
17:00:12.0515 0796 ============================================================
17:00:13.0937 0796 Abiosdsk - ok
17:00:13.0984 0796 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:00:16.0468 0796 abp480n5 - ok
17:00:16.0640 0796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:00:17.0000 0796 ACPI - ok
17:00:17.0046 0796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:00:17.0218 0796 ACPIEC - ok
17:00:17.0296 0796 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:00:17.0500 0796 adpu160m - ok
17:00:17.0531 0796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:00:17.0703 0796 aec - ok
17:00:17.0781 0796 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:00:17.0828 0796 AFD - ok
17:00:17.0890 0796 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:00:18.0078 0796 agp440 - ok
17:00:18.0125 0796 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:00:18.0296 0796 agpCPQ - ok
17:00:18.0343 0796 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:00:18.0421 0796 Aha154x - ok
17:00:18.0484 0796 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:00:18.0640 0796 aic78u2 - ok
17:00:18.0687 0796 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:00:18.0859 0796 aic78xx - ok
17:00:18.0921 0796 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:00:19.0078 0796 AliIde - ok
17:00:19.0140 0796 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:00:19.0296 0796 alim1541 - ok
17:00:19.0343 0796 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:00:19.0500 0796 amdagp - ok
17:00:19.0578 0796 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:00:19.0656 0796 amsint - ok
17:00:19.0703 0796 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:00:20.0203 0796 ApfiltrService - ok
17:00:20.0281 0796 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
17:00:20.0328 0796 APPDRV ( UnsignedFile.Multi.Generic ) - warning
17:00:20.0328 0796 APPDRV - detected UnsignedFile.Multi.Generic (1)
17:00:20.0406 0796 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:00:20.0625 0796 Arp1394 - ok
17:00:20.0671 0796 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:00:20.0843 0796 asc - ok
17:00:20.0890 0796 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:00:20.0968 0796 asc3350p - ok
17:00:21.0015 0796 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:00:21.0250 0796 asc3550 - ok
17:00:21.0312 0796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:00:21.0484 0796 AsyncMac - ok
17:00:21.0531 0796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:00:21.0796 0796 atapi - ok
17:00:21.0812 0796 Atdisk - ok
17:00:21.0843 0796 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:00:22.0015 0796 Atmarpc - ok
17:00:22.0046 0796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:00:22.0203 0796 audstub - ok
17:00:22.0265 0796 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:00:22.0312 0796 b57w2k - ok
17:00:22.0421 0796 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
17:00:22.0500 0796 BASFND ( UnsignedFile.Multi.Generic ) - warning
17:00:22.0500 0796 BASFND - detected UnsignedFile.Multi.Generic (1)
17:00:22.0640 0796 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:00:22.0843 0796 BCM43XX - ok
17:00:22.0906 0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:00:23.0140 0796 Beep - ok
17:00:23.0218 0796 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:00:23.0375 0796 cbidf - ok
17:00:23.0390 0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:00:23.0546 0796 cbidf2k - ok
17:00:23.0609 0796 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:00:23.0687 0796 cd20xrnt - ok
17:00:23.0734 0796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:00:23.0890 0796 Cdaudio - ok
17:00:23.0953 0796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:00:24.0140 0796 Cdfs - ok
17:00:24.0203 0796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:00:24.0421 0796 Cdrom - ok
17:00:24.0468 0796 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:00:24.0625 0796 CmBatt - ok
17:00:24.0671 0796 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:00:24.0843 0796 CmdIde - ok
17:00:24.0906 0796 COH_Mon (c586875ece5318c6309ed1ab79d0e55f) C:\WINDOWS\system32\Drivers\COH_Mon.sys
17:00:24.0937 0796 COH_Mon - ok
17:00:24.0953 0796 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:00:25.0140 0796 Compbatt - ok
17:00:25.0187 0796 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:00:25.0343 0796 Cpqarray - ok
17:00:25.0375 0796 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:00:25.0562 0796 dac2w2k - ok
17:00:25.0625 0796 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:00:25.0781 0796 dac960nt - ok
17:00:25.0812 0796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:00:25.0968 0796 Disk - ok
17:00:26.0046 0796 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:00:26.0312 0796 dmboot - ok
17:00:26.0375 0796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:00:26.0593 0796 dmio - ok
17:00:26.0625 0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:00:26.0859 0796 dmload - ok
17:00:26.0906 0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:00:27.0078 0796 DMusic - ok
17:00:27.0140 0796 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:00:27.0312 0796 dpti2o - ok
17:00:27.0312 0796 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:00:27.0468 0796 drmkaud - ok
17:00:27.0531 0796 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
17:00:27.0546 0796 DXEC01 ( UnsignedFile.Multi.Generic ) - warning
17:00:27.0546 0796 DXEC01 - detected UnsignedFile.Multi.Generic (1)
17:00:27.0593 0796 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:00:27.0765 0796 E100B - ok
17:00:27.0906 0796 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:00:27.0953 0796 eeCtrl - ok
17:00:27.0968 0796 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:00:28.0000 0796 EraserUtilRebootDrv - ok
17:00:28.0046 0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:00:28.0281 0796 Fastfat - ok
17:00:28.0328 0796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:00:28.0500 0796 Fdc - ok
17:00:28.0546 0796 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:00:28.0718 0796 Fips - ok
17:00:28.0750 0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:00:28.0906 0796 Flpydisk - ok
17:00:28.0968 0796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:00:29.0156 0796 FltMgr - ok
17:00:29.0203 0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:00:29.0390 0796 Fs_Rec - ok
17:00:29.0468 0796 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\WINDOWS\system32\drivers\ftdibus.sys
17:00:29.0515 0796 FTDIBUS - ok
17:00:29.0546 0796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:00:29.0703 0796 Ftdisk - ok
17:00:29.0765 0796 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\WINDOWS\system32\drivers\ftser2k.sys
17:00:29.0843 0796 FTSER2K - ok
17:00:29.0890 0796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:00:30.0062 0796 Gpc - ok
17:00:30.0109 0796 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
17:00:30.0171 0796 guardian2 - ok
17:00:30.0234 0796 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:00:30.0406 0796 HDAudBus - ok
17:00:30.0453 0796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:00:30.0609 0796 HidUsb - ok
17:00:30.0640 0796 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:00:30.0796 0796 hpn - ok
17:00:30.0859 0796 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:00:31.0093 0796 HPZid412 - ok
17:00:31.0156 0796 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:00:31.0203 0796 HPZipr12 - ok
17:00:31.0281 0796 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:00:31.0359 0796 HPZius12 - ok
17:00:31.0437 0796 HSFHWAZL (f25bb78b0063a8e8fceff33493c305e0) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:00:31.0531 0796 HSFHWAZL - ok
17:00:31.0625 0796 HSF_DPV (04d872629e0afcb07ba9088eaa308c11) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:00:31.0734 0796 HSF_DPV - ok
17:00:31.0843 0796 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:00:31.0953 0796 HTTP - ok
17:00:32.0015 0796 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:00:32.0203 0796 i2omgmt - ok
17:00:32.0265 0796 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:00:32.0421 0796 i2omp - ok
17:00:32.0484 0796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:00:32.0656 0796 i8042prt - ok
17:00:33.0031 0796 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:00:33.0546 0796 ialm - ok
17:00:33.0718 0796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:00:33.0906 0796 Imapi - ok
17:00:33.0968 0796 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:00:34.0140 0796 ini910u - ok
17:00:34.0203 0796 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:00:34.0375 0796 IntelIde - ok
17:00:34.0484 0796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:00:34.0671 0796 intelppm - ok
17:00:34.0734 0796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:00:34.0890 0796 Ip6Fw - ok
17:00:34.0953 0796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:00:35.0109 0796 IpFilterDriver - ok
17:00:35.0171 0796 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:00:35.0312 0796 IpInIp - ok
17:00:35.0375 0796 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:00:35.0593 0796 IpNat - ok
17:00:35.0640 0796 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:00:35.0875 0796 IPSec - ok
17:00:35.0921 0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:00:36.0031 0796 IRENUM - ok
17:00:36.0062 0796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:00:36.0265 0796 isapnp - ok
17:00:36.0296 0796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:00:36.0453 0796 Kbdclass - ok
17:00:36.0484 0796 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:00:36.0640 0796 kbdhid - ok
17:00:36.0671 0796 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:00:36.0859 0796 kmixer - ok
17:00:36.0937 0796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:00:37.0125 0796 KSecDD - ok
17:00:37.0218 0796 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:00:37.0265 0796 mdmxsdk - ok
17:00:37.0296 0796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:00:37.0468 0796 mnmdd - ok
17:00:37.0546 0796 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:00:37.0703 0796 Modem - ok
17:00:37.0734 0796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:00:37.0921 0796 Mouclass - ok
17:00:37.0937 0796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:00:38.0125 0796 mouhid - ok
17:00:38.0156 0796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:00:38.0328 0796 MountMgr - ok
17:00:38.0375 0796 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:00:38.0546 0796 mraid35x - ok
17:00:38.0578 0796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:00:38.0781 0796 MRxDAV - ok
17:00:38.0875 0796 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:00:39.0031 0796 MRxSmb - ok
17:00:39.0062 0796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:00:39.0250 0796 Msfs - ok
17:00:39.0281 0796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:00:39.0468 0796 MSKSSRV - ok
17:00:39.0531 0796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:00:39.0687 0796 MSPCLOCK - ok
17:00:39.0734 0796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:00:39.0890 0796 MSPQM - ok
17:00:39.0937 0796 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:00:40.0109 0796 mssmbios - ok
17:00:40.0156 0796 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:00:40.0265 0796 Mup - ok
17:00:40.0468 0796 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111104.002\NAVENG.SYS
17:00:40.0484 0796 NAVENG - ok
17:00:40.0593 0796 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111104.002\NAVEX15.SYS
17:00:40.0718 0796 NAVEX15 - ok
17:00:40.0859 0796 NCBULK (3d6a5ec1d6fabe76535041b1f38a54bf) C:\WINDOWS\system32\drivers\NcBulk.sys
17:00:40.0875 0796 NCBULK ( UnsignedFile.Multi.Generic ) - warning
17:00:40.0875 0796 NCBULK - detected UnsignedFile.Multi.Generic (1)
17:00:40.0968 0796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:00:41.0203 0796 NDIS - ok
17:00:41.0265 0796 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:00:41.0328 0796 NdisTapi - ok
17:00:41.0390 0796 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:00:41.0562 0796 Ndisuio - ok
17:00:41.0609 0796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:00:41.0812 0796 NdisWan - ok
17:00:41.0875 0796 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:00:41.0984 0796 NDProxy - ok
17:00:42.0031 0796 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:00:42.0171 0796 NetBIOS - ok
17:00:42.0218 0796 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:00:42.0406 0796 NetBT - ok
17:00:42.0468 0796 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:00:42.0640 0796 NIC1394 - ok
17:00:42.0671 0796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:00:42.0828 0796 Npfs - ok
17:00:42.0906 0796 NSerial (a41fe4f39c2c5012d99b4ed4e2e9d9fd) C:\WINDOWS\system32\DRIVERS\Nserial.sys
17:00:42.0921 0796 NSerial ( UnsignedFile.Multi.Generic ) - warning
17:00:42.0921 0796 NSerial - detected UnsignedFile.Multi.Generic (1)
17:00:42.0984 0796 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:00:43.0250 0796 Ntfs - ok
17:00:43.0312 0796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:00:43.0531 0796 Null - ok
17:00:43.0656 0796 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:00:44.0000 0796 nv - ok
17:00:44.0046 0796 NWDellModem (c4ec827bc90f5f4fa8e772b254ce1b6c) C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys
17:00:44.0156 0796 NWDellModem - ok
17:00:44.0171 0796 NWDellPort (c4ec827bc90f5f4fa8e772b254ce1b6c) C:\WINDOWS\system32\DRIVERS\nwdelser.sys
17:00:44.0218 0796 NWDellPort - ok
17:00:44.0265 0796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:00:44.0421 0796 NwlnkFlt - ok
17:00:44.0468 0796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:00:44.0625 0796 NwlnkFwd - ok
17:00:44.0687 0796 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:00:44.0921 0796 ohci1394 - ok
17:00:44.0968 0796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:00:45.0156 0796 Parport - ok
17:00:45.0171 0796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:00:45.0328 0796 PartMgr - ok
17:00:45.0343 0796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:00:45.0500 0796 ParVdm - ok
17:00:45.0546 0796 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
17:00:45.0562 0796 PBADRV - ok
17:00:45.0625 0796 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
17:00:45.0640 0796 PCASp50 - ok
17:00:45.0703 0796 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:00:45.0875 0796 PCI - ok
17:00:45.0906 0796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:00:46.0062 0796 PCIIde - ok
17:00:46.0125 0796 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:00:46.0296 0796 Pcmcia - ok
17:00:46.0343 0796 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:00:46.0484 0796 perc2 - ok
17:00:46.0531 0796 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:00:46.0671 0796 perc2hib - ok
17:00:46.0750 0796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:00:46.0953 0796 PptpMiniport - ok
17:00:46.0968 0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:00:47.0125 0796 PSched - ok
17:00:47.0156 0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:00:47.0328 0796 Ptilink - ok
17:00:47.0359 0796 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:00:47.0500 0796 ql1080 - ok
17:00:47.0515 0796 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:00:47.0671 0796 Ql10wnt - ok
17:00:47.0703 0796 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:00:47.0859 0796 ql12160 - ok
17:00:47.0875 0796 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:00:48.0031 0796 ql1240 - ok
17:00:48.0062 0796 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:00:48.0218 0796 ql1280 - ok
17:00:48.0250 0796 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:00:48.0390 0796 RasAcd - ok
17:00:48.0437 0796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:00:48.0609 0796 Rasl2tp - ok
17:00:48.0640 0796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:00:48.0875 0796 RasPppoe - ok
17:00:48.0890 0796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:00:49.0062 0796 Raspti - ok
17:00:49.0109 0796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:00:49.0296 0796 Rdbss - ok
17:00:49.0312 0796 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:00:49.0453 0796 RDPCDD - ok
17:00:49.0515 0796 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:00:49.0671 0796 rdpdr - ok
17:00:49.0734 0796 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:00:49.0812 0796 RDPWD - ok
17:00:49.0859 0796 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:00:50.0000 0796 redbook - ok
17:00:50.0062 0796 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
17:00:50.0109 0796 RimVSerPort - ok
17:00:50.0140 0796 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:00:50.0296 0796 ROOTMODEM - ok
17:00:50.0390 0796 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:00:50.0531 0796 sdbus - ok
17:00:50.0593 0796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:00:50.0687 0796 Secdrv - ok
17:00:50.0734 0796 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:00:50.0906 0796 serenum - ok
17:00:50.0937 0796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:00:51.0109 0796 Serial - ok
17:00:51.0187 0796 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
17:00:51.0328 0796 sffdisk - ok
17:00:51.0359 0796 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
17:00:51.0546 0796 sffp_sd - ok
17:00:51.0593 0796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:00:51.0750 0796 Sfloppy - ok
17:00:51.0781 0796 Simbad - ok
17:00:51.0843 0796 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:00:51.0984 0796 sisagp - ok
17:00:52.0046 0796 SJ1708 (c24697977cbfe530cf70f477f02ea533) C:\WINDOWS\system32\Drivers\SJ1708.sys
17:00:52.0062 0796 SJ1708 ( UnsignedFile.Multi.Generic ) - warning
17:00:52.0062 0796 SJ1708 - detected UnsignedFile.Multi.Generic (1)
17:00:52.0125 0796 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:00:52.0203 0796 Sparrow - ok
17:00:52.0328 0796 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
17:00:52.0390 0796 SPBBCDrv - ok
17:00:52.0421 0796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:00:52.0593 0796 splitter - ok
17:00:52.0640 0796 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:00:52.0750 0796 sr - ok
17:00:52.0796 0796 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\WINDOWS\system32\Drivers\SRTSP.SYS
17:00:52.0843 0796 SRTSP - ok
17:00:52.0890 0796 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
17:00:52.0921 0796 SRTSPL - ok
17:00:52.0968 0796 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
17:00:53.0000 0796 SRTSPX - ok
17:00:53.0031 0796 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:00:53.0140 0796 Srv - ok
17:00:53.0265 0796 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
17:00:53.0406 0796 STHDA - ok
17:00:53.0500 0796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:00:53.0671 0796 swenum - ok
17:00:53.0718 0796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:00:53.0890 0796 swmidi - ok
17:00:53.0937 0796 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\WINDOWS\System32\drivers\swmsflt.sys
17:00:53.0968 0796 swmsflt - ok
17:00:54.0031 0796 SWNC8U51 (7ae593fe3d78195987505da0a7e91542) C:\WINDOWS\system32\DRIVERS\swnc8u51.sys
17:00:54.0109 0796 SWNC8U51 - ok
17:00:54.0156 0796 SWUMX51 (3076a3bb7c340bbf851075dd2ebad03f) C:\WINDOWS\system32\DRIVERS\swumx51.sys
17:00:54.0218 0796 SWUMX51 - ok
17:00:54.0281 0796 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:00:54.0437 0796 symc810 - ok
17:00:54.0468 0796 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:00:54.0625 0796 symc8xx - ok
17:00:54.0687 0796 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:00:54.0703 0796 SymEvent - ok
17:00:54.0765 0796 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
17:00:54.0796 0796 SYMREDRV - ok
17:00:54.0843 0796 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
17:00:54.0875 0796 SYMTDI - ok
17:00:54.0921 0796 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:00:55.0078 0796 sym_hi - ok
17:00:55.0109 0796 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:00:55.0265 0796 sym_u3 - ok
17:00:55.0328 0796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:00:55.0484 0796 sysaudio - ok
17:00:55.0562 0796 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
17:00:55.0593 0796 SysPlant - ok
17:00:55.0671 0796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:00:55.0781 0796 Tcpip - ok
17:00:55.0812 0796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:00:55.0968 0796 TDPIPE - ok
17:00:56.0000 0796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:00:56.0218 0796 TDTCP - ok
17:00:56.0265 0796 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\WINDOWS\system32\DRIVERS\teefer2.sys
17:00:56.0296 0796 Teefer2 - ok
17:00:56.0328 0796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:00:56.0500 0796 TermDD - ok
17:00:56.0531 0796 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:00:56.0671 0796 TosIde - ok
17:00:56.0734 0796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:00:56.0906 0796 Udfs - ok
17:00:56.0937 0796 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:00:57.0015 0796 ultra - ok
17:00:57.0093 0796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:00:57.0265 0796 Update - ok
17:00:57.0312 0796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:00:57.0453 0796 usbccgp - ok
17:00:57.0515 0796 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:00:57.0671 0796 usbehci - ok
17:00:57.0703 0796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:00:57.0859 0796 usbhub - ok
17:00:57.0890 0796 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:00:58.0046 0796 usbohci - ok
17:00:58.0109 0796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:00:58.0281 0796 usbprint - ok
17:00:58.0328 0796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:00:58.0484 0796 usbscan - ok
17:00:58.0515 0796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:00:58.0656 0796 USBSTOR - ok
17:00:58.0718 0796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:00:58.0890 0796 usbuhci - ok
17:00:58.0937 0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:00:59.0125 0796 VgaSave - ok
17:00:59.0171 0796 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:00:59.0343 0796 viaagp - ok
17:00:59.0406 0796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:00:59.0562 0796 ViaIde - ok
17:00:59.0609 0796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:00:59.0765 0796 VolSnap - ok
17:00:59.0843 0796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:00:59.0984 0796 Wanarp - ok
17:01:00.0015 0796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:01:00.0171 0796 wdmaud - ok
17:01:00.0281 0796 winachsf (2760c329ac300ed64c3dba8cda599cda) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:01:00.0343 0796 winachsf - ok
17:01:00.0437 0796 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:01:00.0578 0796 WmiAcpi - ok
17:01:00.0656 0796 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:01:00.0734 0796 WpdUsb - ok
17:01:00.0796 0796 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
17:01:00.0843 0796 WPS - ok
17:01:00.0906 0796 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
17:01:00.0937 0796 WpsHelper - ok
17:01:00.0984 0796 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:01:01.0140 0796 WS2IFSL - ok
17:01:01.0218 0796 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:01:01.0328 0796 WudfPf - ok
17:01:01.0375 0796 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:01:01.0406 0796 WudfRd - ok
17:01:01.0484 0796 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:01:02.0609 0796 \Device\Harddisk0\DR0 - ok
17:01:02.0640 0796 Boot (0x1200) (a989edf957f8408379c7b04618188c75) \Device\Harddisk0\DR0\Partition0
17:01:02.0640 0796 \Device\Harddisk0\DR0\Partition0 - ok
17:01:02.0640 0796 ============================================================
17:01:02.0640 0796 Scan finished
17:01:02.0640 0796 ============================================================
17:01:02.0765 1220 Detected object count: 6
17:01:02.0765 1220 Actual detected object count: 6
17:01:29.0656 1220 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:29.0656 1220 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:29.0656 1220 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:29.0656 1220 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:29.0656 1220 DXEC01 ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:29.0656 1220 DXEC01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:29.0656 1220 NCBULK ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:29.0656 1220 NCBULK ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:29.0671 1220 NSerial ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:29.0671 1220 NSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:29.0671 1220 SJ1708 ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:29.0671 1220 SJ1708 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:12.0000 3984 ============================================================
17:03:12.0000 3984 Scan started
17:03:12.0000 3984 Mode: Manual; SigCheck; TDLFS;
17:03:12.0000 3984 ============================================================
17:03:12.0593 3984 Abiosdsk - ok
17:03:12.0656 3984 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:03:12.0953 3984 abp480n5 - ok
17:03:13.0015 3984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:03:13.0203 3984 ACPI - ok
17:03:13.0265 3984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:03:13.0421 3984 ACPIEC - ok
17:03:13.0484 3984 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:03:13.0640 3984 adpu160m - ok
17:03:13.0687 3984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:03:13.0843 3984 aec - ok
17:03:13.0906 3984 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:03:13.0968 3984 AFD - ok
17:03:14.0046 3984 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:03:14.0203 3984 agp440 - ok
17:03:14.0265 3984 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:03:14.0421 3984 agpCPQ - ok
17:03:14.0484 3984 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:03:14.0562 3984 Aha154x - ok
17:03:14.0609 3984 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:03:14.0750 3984 aic78u2 - ok
17:03:14.0812 3984 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:03:14.0953 3984 aic78xx - ok
17:03:15.0015 3984 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:03:15.0171 3984 AliIde - ok
17:03:15.0234 3984 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:03:15.0390 3984 alim1541 - ok
17:03:15.0437 3984 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:03:15.0593 3984 amdagp - ok
17:03:15.0640 3984 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:03:15.0718 3984 amsint - ok
17:03:15.0765 3984 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:03:15.0828 3984 ApfiltrService - ok
17:03:15.0890 3984 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
17:03:15.0906 3984 APPDRV ( UnsignedFile.Multi.Generic ) - warning
17:03:15.0906 3984 APPDRV - detected UnsignedFile.Multi.Generic (1)
17:03:15.0984 3984 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:03:16.0125 3984 Arp1394 - ok
17:03:16.0171 3984 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:03:16.0312 3984 asc - ok
17:03:16.0375 3984 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:03:16.0453 3984 asc3350p - ok
17:03:16.0515 3984 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:03:16.0656 3984 asc3550 - ok
17:03:16.0718 3984 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:03:16.0859 3984 AsyncMac - ok
17:03:16.0890 3984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:03:17.0046 3984 atapi - ok
17:03:17.0062 3984 Atdisk - ok
17:03:17.0125 3984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:03:17.0281 3984 Atmarpc - ok
17:03:17.0328 3984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:03:17.0468 3984 audstub - ok
17:03:17.0515 3984 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:03:17.0546 3984 b57w2k - ok
17:03:17.0640 3984 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
17:03:17.0687 3984 BASFND ( UnsignedFile.Multi.Generic ) - warning
17:03:17.0687 3984 BASFND - detected UnsignedFile.Multi.Generic (1)
17:03:17.0796 3984 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:03:17.0875 3984 BCM43XX - ok
17:03:17.0906 3984 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:03:18.0125 3984 Beep - ok
17:03:18.0171 3984 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:03:18.0312 3984 cbidf - ok
17:03:18.0328 3984 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:03:18.0468 3984 cbidf2k - ok
17:03:18.0500 3984 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:03:18.0578 3984 cd20xrnt - ok
17:03:18.0625 3984 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:03:18.0765 3984 Cdaudio - ok
17:03:18.0828 3984 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:03:19.0000 3984 Cdfs - ok
17:03:19.0062 3984 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:03:19.0234 3984 Cdrom - ok
17:03:19.0281 3984 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:03:19.0437 3984 CmBatt - ok
17:03:19.0468 3984 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:03:19.0625 3984 CmdIde - ok
17:03:19.0671 3984 COH_Mon (c586875ece5318c6309ed1ab79d0e55f) C:\WINDOWS\system32\Drivers\COH_Mon.sys
17:03:19.0703 3984 COH_Mon - ok
17:03:19.0718 3984 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:03:19.0890 3984 Compbatt - ok
17:03:19.0953 3984 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:03:20.0093 3984 Cpqarray - ok
17:03:20.0156 3984 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:03:20.0312 3984 dac2w2k - ok
17:03:20.0328 3984 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:03:20.0468 3984 dac960nt - ok
17:03:20.0500 3984 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:03:20.0656 3984 Disk - ok
17:03:20.0734 3984 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:03:20.0921 3984 dmboot - ok
17:03:20.0984 3984 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:03:21.0156 3984 dmio - ok
17:03:21.0187 3984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:03:21.0328 3984 dmload - ok
17:03:21.0375 3984 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:03:21.0531 3984 DMusic - ok
17:03:21.0562 3984 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:03:21.0718 3984 dpti2o - ok
17:03:21.0734 3984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:03:21.0875 3984 drmkaud - ok
17:03:21.0937 3984 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
17:03:21.0953 3984 DXEC01 ( UnsignedFile.Multi.Generic ) - warning
17:03:21.0953 3984 DXEC01 - detected UnsignedFile.Multi.Generic (1)
17:03:22.0000 3984 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:03:22.0140 3984 E100B - ok
17:03:22.0281 3984 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:03:22.0328 3984 eeCtrl - ok
17:03:22.0359 3984 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:03:22.0375 3984 EraserUtilRebootDrv - ok
17:03:22.0468 3984 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:03:22.0625 3984 Fastfat - ok
17:03:22.0656 3984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:03:22.0812 3984 Fdc - ok
17:03:22.0859 3984 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:03:23.0031 3984 Fips - ok
17:03:23.0078 3984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:03:23.0250 3984 Flpydisk - ok
17:03:23.0296 3984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:03:23.0468 3984 FltMgr - ok
17:03:23.0515 3984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:03:23.0687 3984 Fs_Rec - ok
17:03:23.0750 3984 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\WINDOWS\system32\drivers\ftdibus.sys
17:03:23.0796 3984 FTDIBUS - ok
17:03:23.0812 3984 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:03:23.0953 3984 Ftdisk - ok
17:03:24.0015 3984 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\WINDOWS\system32\drivers\ftser2k.sys
17:03:24.0046 3984 FTSER2K - ok
17:03:24.0078 3984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:03:24.0250 3984 Gpc - ok
17:03:24.0296 3984 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
17:03:24.0312 3984 guardian2 - ok
17:03:24.0375 3984 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:03:24.0531 3984 HDAudBus - ok
17:03:24.0578 3984 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:03:24.0718 3984 HidUsb - ok
17:03:24.0781 3984 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:03:24.0921 3984 hpn - ok
17:03:24.0984 3984 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:03:25.0031 3984 HPZid412 - ok
17:03:25.0109 3984 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:03:25.0156 3984 HPZipr12 - ok
17:03:25.0218 3984 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:03:25.0265 3984 HPZius12 - ok
17:03:25.0343 3984 HSFHWAZL (f25bb78b0063a8e8fceff33493c305e0) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:03:25.0390 3984 HSFHWAZL - ok
17:03:25.0484 3984 HSF_DPV (04d872629e0afcb07ba9088eaa308c11) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:03:25.0593 3984 HSF_DPV - ok
17:03:25.0671 3984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:03:25.0718 3984 HTTP - ok
17:03:25.0781 3984 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:03:26.0000 3984 i2omgmt - ok
17:03:26.0031 3984 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:03:26.0171 3984 i2omp - ok
17:03:26.0218 3984 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:03:26.0390 3984 i8042prt - ok
17:03:26.0750 3984 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:03:27.0171 3984 ialm - ok
17:03:27.0343 3984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:03:27.0562 3984 Imapi - ok
17:03:27.0640 3984 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:03:27.0796 3984 ini910u - ok
17:03:27.0843 3984 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:03:28.0000 3984 IntelIde - ok
17:03:28.0078 3984 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:03:28.0218 3984 intelppm - ok
17:03:28.0265 3984 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:03:28.0406 3984 Ip6Fw - ok
17:03:28.0453 3984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:03:28.0593 3984 IpFilterDriver - ok
17:03:28.0640 3984 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:03:28.0796 3984 IpInIp - ok
17:03:28.0843 3984 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:03:29.0000 3984 IpNat - ok
17:03:29.0031 3984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:03:29.0203 3984 IPSec - ok
17:03:29.0265 3984 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:03:29.0359 3984 IRENUM - ok
17:03:29.0390 3984 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:03:29.0531 3984 isapnp - ok
17:03:29.0578 3984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:03:29.0718 3984 Kbdclass - ok
17:03:29.0750 3984 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:03:29.0890 3984 kbdhid - ok
17:03:29.0921 3984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:03:30.0093 3984 kmixer - ok
17:03:30.0156 3984 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:03:30.0203 3984 KSecDD - ok
17:03:30.0296 3984 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:03:30.0343 3984 mdmxsdk - ok
17:03:30.0359 3984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:03:30.0531 3984 mnmdd - ok
17:03:30.0578 3984 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:03:30.0718 3984 Modem - ok
17:03:30.0750 3984 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:03:30.0937 3984 Mouclass - ok
17:03:30.0953 3984 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:03:31.0093 3984 mouhid - ok
17:03:31.0125 3984 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:03:31.0281 3984 MountMgr - ok
17:03:31.0328 3984 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:03:31.0484 3984 mraid35x - ok
17:03:31.0515 3984 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:03:31.0703 3984 MRxDAV - ok
17:03:31.0781 3984 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:03:31.0875 3984 MRxSmb - ok
17:03:31.0890 3984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:03:32.0046 3984 Msfs - ok
17:03:32.0093 3984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:03:32.0265 3984 MSKSSRV - ok
17:03:32.0312 3984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:03:32.0468 3984 MSPCLOCK - ok
17:03:32.0500 3984 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:03:32.0640 3984 MSPQM - ok
17:03:32.0687 3984 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:03:32.0843 3984 mssmbios - ok
17:03:32.0875 3984 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:03:32.0906 3984 Mup - ok
17:03:33.0093 3984 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111104.002\NAVENG.SYS
17:03:33.0125 3984 NAVENG - ok
17:03:33.0203 3984 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111104.002\NAVEX15.SYS
17:03:33.0312 3984 NAVEX15 - ok
17:03:33.0390 3984 NCBULK (3d6a5ec1d6fabe76535041b1f38a54bf) C:\WINDOWS\system32\drivers\NcBulk.sys
17:03:33.0437 3984 NCBULK ( UnsignedFile.Multi.Generic ) - warning
17:03:33.0437 3984 NCBULK - detected UnsignedFile.Multi.Generic (1)
17:03:33.0515 3984 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:03:33.0718 3984 NDIS - ok
17:03:33.0796 3984 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:03:33.0843 3984 NdisTapi - ok
17:03:33.0890 3984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:03:34.0062 3984 Ndisuio - ok
17:03:34.0109 3984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:03:34.0265 3984 NdisWan - ok
17:03:34.0343 3984 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:03:34.0375 3984 NDProxy - ok
17:03:34.0421 3984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:03:34.0578 3984 NetBIOS - ok
17:03:34.0609 3984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:03:34.0796 3984 NetBT - ok
17:03:34.0859 3984 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:03:35.0031 3984 NIC1394 - ok
17:03:35.0046 3984 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:03:35.0234 3984 Npfs - ok
17:03:35.0296 3984 NSerial (a41fe4f39c2c5012d99b4ed4e2e9d9fd) C:\WINDOWS\system32\DRIVERS\Nserial.sys
17:03:35.0312 3984 NSerial ( UnsignedFile.Multi.Generic ) - warning
17:03:35.0312 3984 NSerial - detected UnsignedFile.Multi.Generic (1)
17:03:35.0390 3984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:03:35.0546 3984 Ntfs - ok
17:03:35.0609 3984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:03:35.0765 3984 Null - ok
17:03:35.0906 3984 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:03:36.0187 3984 nv - ok
17:03:36.0234 3984 NWDellModem (c4ec827bc90f5f4fa8e772b254ce1b6c) C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys
17:03:36.0296 3984 NWDellModem - ok
17:03:36.0312 3984 NWDellPort (c4ec827bc90f5f4fa8e772b254ce1b6c) C:\WINDOWS\system32\DRIVERS\nwdelser.sys
17:03:36.0343 3984 NWDellPort - ok
17:03:36.0375 3984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:03:36.0531 3984 NwlnkFlt - ok
17:03:36.0671 3984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:03:36.0875 3984 NwlnkFwd - ok
17:03:36.0953 3984 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:03:37.0140 3984 ohci1394 - ok
17:03:37.0187 3984 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:03:37.0343 3984 Parport - ok
17:03:37.0359 3984 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:03:37.0531 3984 PartMgr - ok
17:03:37.0562 3984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:03:37.0703 3984 ParVdm - ok
17:03:37.0734 3984 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
17:03:37.0765 3984 PBADRV - ok
17:03:37.0812 3984 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
17:03:37.0828 3984 PCASp50 - ok
17:03:37.0890 3984 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:03:38.0062 3984 PCI - ok
17:03:38.0078 3984 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:03:38.0218 3984 PCIIde - ok
17:03:38.0265 3984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:03:38.0421 3984 Pcmcia - ok
17:03:38.0453 3984 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:03:38.0609 3984 perc2 - ok
17:03:38.0640 3984 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:03:38.0781 3984 perc2hib - ok
17:03:38.0859 3984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:03:39.0000 3984 PptpMiniport - ok
17:03:39.0031 3984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:03:39.0171 3984 PSched - ok
17:03:39.0203 3984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:03:39.0375 3984 Ptilink - ok
17:03:39.0390 3984 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:03:39.0546 3984 ql1080 - ok
17:03:39.0562 3984 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:03:39.0718 3984 Ql10wnt - ok
17:03:39.0750 3984 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:03:39.0890 3984 ql12160 - ok
17:03:39.0921 3984 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:03:40.0062 3984 ql1240 - ok
17:03:40.0093 3984 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:03:40.0250 3984 ql1280 - ok
17:03:40.0281 3984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:03:40.0437 3984 RasAcd - ok
17:03:40.0484 3984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:03:40.0656 3984 Rasl2tp - ok
17:03:40.0687 3984 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:03:40.0843 3984 RasPppoe - ok
17:03:40.0859 3984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:03:41.0000 3984 Raspti - ok
17:03:41.0046 3984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:03:41.0218 3984 Rdbss - ok
17:03:41.0234 3984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:03:41.0421 3984 RDPCDD - ok
17:03:41.0468 3984 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:03:41.0625 3984 rdpdr - ok
17:03:41.0687 3984 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:03:41.0718 3984 RDPWD - ok
17:03:41.0765 3984 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:03:41.0937 3984 redbook - ok
17:03:42.0000 3984 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
17:03:42.0031 3984 RimVSerPort - ok
17:03:42.0046 3984 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:03:42.0203 3984 ROOTMODEM - ok
17:03:42.0296 3984 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:03:42.0453 3984 sdbus - ok
17:03:42.0515 3984 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:03:42.0625 3984 Secdrv - ok
17:03:42.0671 3984 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:03:42.0843 3984 serenum - ok
17:03:42.0890 3984 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:03:43.0062 3984 Serial - ok
17:03:43.0125 3984 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
17:03:43.0281 3984 sffdisk - ok
17:03:43.0328 3984 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
17:03:43.0500 3984 sffp_sd - ok
17:03:43.0562 3984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:03:43.0718 3984 Sfloppy - ok
17:03:43.0750 3984 Simbad - ok
17:03:43.0796 3984 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:03:43.0937 3984 sisagp - ok
17:03:44.0015 3984 SJ1708 (c24697977cbfe530cf70f477f02ea533) C:\WINDOWS\system32\Drivers\SJ1708.sys
17:03:44.0031 3984 SJ1708 ( UnsignedFile.Multi.Generic ) - warning
17:03:44.0031 3984 SJ1708 - detected UnsignedFile.Multi.Generic (1)
17:03:44.0093 3984 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:03:44.0171 3984 Sparrow - ok
17:03:44.0281 3984 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
17:03:44.0328 3984 SPBBCDrv - ok
17:03:44.0406 3984 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:03:44.0562 3984 splitter - ok
17:03:44.0609 3984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:03:44.0734 3984 sr - ok
17:03:44.0781 3984 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\WINDOWS\system32\Drivers\SRTSP.SYS
17:03:44.0812 3984 SRTSP - ok
17:03:44.0875 3984 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
17:03:44.0906 3984 SRTSPL - ok
17:03:44.0937 3984 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
17:03:44.0968 3984 SRTSPX - ok
17:03:45.0015 3984 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:03:45.0125 3984 Srv - ok
17:03:45.0265 3984 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
17:03:45.0375 3984 STHDA - ok
17:03:45.0468 3984 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:03:45.0609 3984 swenum - ok
17:03:45.0656 3984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:03:45.0828 3984 swmidi - ok
17:03:45.0890 3984 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\WINDOWS\System32\drivers\swmsflt.sys
17:03:45.0921 3984 swmsflt - ok
17:03:46.0000 3984 SWNC8U51 (7ae593fe3d78195987505da0a7e91542) C:\WINDOWS\system32\DRIVERS\swnc8u51.sys
17:03:46.0031 3984 SWNC8U51 - ok
17:03:46.0093 3984 SWUMX51 (3076a3bb7c340bbf851075dd2ebad03f) C:\WINDOWS\system32\DRIVERS\swumx51.sys
17:03:46.0125 3984 SWUMX51 - ok
17:03:46.0187 3984 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:03:46.0328 3984 symc810 - ok
17:03:46.0390 3984 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:03:46.0531 3984 symc8xx - ok
17:03:46.0609 3984 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:03:46.0640 3984 SymEvent - ok
17:03:46.0687 3984 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
17:03:46.0718 3984 SYMREDRV - ok
17:03:46.0765 3984 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
17:03:46.0796 3984 SYMTDI - ok
17:03:46.0859 3984 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:03:47.0015 3984 sym_hi - ok
17:03:47.0062 3984 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:03:47.0203 3984 sym_u3 - ok
17:03:47.0281 3984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:03:47.0453 3984 sysaudio - ok
17:03:47.0531 3984 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
17:03:47.0546 3984 SysPlant - ok
17:03:47.0640 3984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:03:47.0703 3984 Tcpip - ok
17:03:47.0765 3984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:03:47.0906 3984 TDPIPE - ok
17:03:47.0968 3984 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:03:48.0125 3984 TDTCP - ok
17:03:48.0203 3984 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\WINDOWS\system32\DRIVERS\teefer2.sys
17:03:48.0218 3984 Teefer2 - ok
17:03:48.0250 3984 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:03:48.0421 3984 TermDD - ok
17:03:48.0453 3984 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:03:48.0609 3984 TosIde - ok
17:03:48.0640 3984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:03:48.0812 3984 Udfs - ok
17:03:48.0843 3984 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:03:48.0921 3984 ultra - ok
17:03:49.0000 3984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:03:49.0156 3984 Update - ok
17:03:49.0203 3984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:03:49.0359 3984 usbccgp - ok
17:03:49.0406 3984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:03:49.0546 3984 usbehci - ok
17:03:49.0562 3984 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:03:49.0734 3984 usbhub - ok
17:03:49.0765 3984 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:03:49.0921 3984 usbohci - ok
17:03:49.0968 3984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:03:50.0140 3984 usbprint - ok
17:03:50.0187 3984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:03:50.0343 3984 usbscan - ok
17:03:50.0390 3984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:03:50.0531 3984 USBSTOR - ok
17:03:50.0609 3984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:03:50.0765 3984 usbuhci - ok
17:03:50.0843 3984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:03:51.0015 3984 VgaSave - ok
17:03:51.0078 3984 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:03:51.0250 3984 viaagp - ok
17:03:51.0328 3984 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:03:51.0484 3984 ViaIde - ok
17:03:51.0578 3984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:03:51.0718 3984 VolSnap - ok
17:03:51.0781 3984 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:03:51.0937 3984 Wanarp - ok
17:03:51.0984 3984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:03:52.0125 3984 wdmaud - ok
17:03:52.0250 3984 winachsf (2760c329ac300ed64c3dba8cda599cda) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:03:52.0296 3984 winachsf - ok
17:03:52.0453 3984 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:03:52.0593 3984 WmiAcpi - ok
17:03:52.0687 3984 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:03:52.0703 3984 WpdUsb - ok
17:03:52.0781 3984 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
17:03:52.0796 3984 WPS - ok
17:03:52.0875 3984 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
17:03:52.0906 3984 WpsHelper - ok
17:03:52.0953 3984 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:03:53.0109 3984 WS2IFSL - ok
17:03:53.0187 3984 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:03:53.0265 3984 WudfPf - ok
17:03:53.0328 3984 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:03:53.0375 3984 WudfRd - ok
17:03:53.0437 3984 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:03:54.0890 3984 \Device\Harddisk0\DR0 - ok
17:03:54.0937 3984 Boot (0x1200) (a989edf957f8408379c7b04618188c75) \Device\Harddisk0\DR0\Partition0
17:03:54.0937 3984 \Device\Harddisk0\DR0\Partition0 - ok
17:03:54.0937 3984 ============================================================
17:03:54.0937 3984 Scan finished
17:03:54.0937 3984 ============================================================
17:03:54.0953 3968 Detected object count: 6
17:03:54.0953 3968 Actual detected object count: 6
17:03:59.0921 3968 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:59.0921 3968 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:59.0937 3968 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:59.0937 3968 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:59.0937 3968 DXEC01 ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:59.0937 3968 DXEC01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:59.0953 3968 NCBULK ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:59.0953 3968 NCBULK ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:59.0953 3968 NSerial ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:59.0953 3968 NSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:59.0953 3968 SJ1708 ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:59.0953 3968 SJ1708 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#10
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi fury1973, I'm not finding a lot wrong with your logs. How is your computer running? Is it any better?


Step One: Scan with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Posted Image

Download the GMER Rootkit Scanner. Unzip it to your Desktop.
  • Extract the contents of the zipped file to your desktop.
  • Double-click GMERexe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on No.

    Posted Image
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.



Step Two: Malewarebytes' Anti-Malware

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Step Three: ESET Online Scanner

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step Four: Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


What I need in your next post:
1. Please let me know how your computer is running.
2. Results of the GMER scan, Gmer.txt.
3. The MBAM report.
4. The ESET logfile, C:\Program Files\EsetOnlineScanner\log.txt.
5. The Security Check log, checkup.txt.
  • 0

#11
fury1973

fury1973

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Still horribly slow!!

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-05 18:03:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HS08XJC rev.GR100-05
Running: gmer.exe; Driver: C:\DOCUME~1\JAMESM~1\LOCALS~1\Temp\awryipoc.sys


---- System - GMER 1.0.15 ----

SSDT 8676AC98 ZwAlertResumeThread
SSDT 86602918 ZwAlertThread
SSDT 864B4200 ZwAllocateVirtualMemory
SSDT 866031D0 ZwConnectPort
SSDT 864A6168 ZwCreateMutant
SSDT 86766518 ZwCreateThread
SSDT 86CED8E0 ZwFreeVirtualMemory
SSDT 86CE6570 ZwImpersonateAnonymousToken
SSDT 86D08E88 ZwImpersonateThread
SSDT 86C822A0 ZwMapViewOfSection
SSDT 86C82C00 ZwOpenEvent
SSDT 865F3720 ZwOpenProcessToken
SSDT 865D4370 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF7613880]
SSDT 86772D00 ZwResumeThread
SSDT 8660B330 ZwSetContextThread
SSDT 865CE430 ZwSetInformationProcess
SSDT 866141A8 ZwSetInformationThread
SSDT 86774E78 ZwSuspendProcess
SSDT 86618408 ZwSuspendThread
SSDT 867928E0 ZwTerminateProcess
SSDT 865D33B8 ZwTerminateThread
SSDT 866063B8 ZwUnmapViewOfSection
SSDT 864A8220 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F74 80504810 2 Bytes [30, E4] {XOR AH, AH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2F77 80504813 5 Bytes [86, A8, 41, 61, 86]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 6 Bytes [E0, 28, 79, 86, B8, 33]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4056] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A840FD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8093

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/5/2011 6:13:46 PM
mbam-log-2011-11-05 (18-13-46).txt

Scan type: Quick scan
Objects scanned: 194225
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8d7bf97f30d5ed4693b4680fad9a16dc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-06 01:29:41
# local_time=2011-11-05 09:29:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2690790 2690790 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=75368
# found=1
# cleaned=1
# scan_time=4122
C:\Documents and Settings\James Milam\Desktop\Brundagebone\misc\Documents and Settings\James Milam\Local Settings\Temporary Internet Files\Content.IE5\NVCUTZG5\used-Silverado-2500HD-Mirror-Rear-View[1].htm JS/TrojanDownloader.HackLoad.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C




Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 20
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````
  • 0

#12
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi fury1973,

Congratulations, your logs appear clean again! I don't believe that malware is causing your slowness issues but I have a few suggestions for you to try.

Step One: Chkdsk

Go to start > All Programs > Accessories
Right click command prompt and select run as administrator
In the black box type the following :

CHKDSK C: /r

It will ask to do this at next boot - allow it to do so
Then reboot

Step Two: Defrag Hard Drive

Download and run Puran Disc Defragmenter.

Click on Boot Time Defrag button and choose Restart-Defrag-Restart.

Posted Image





Now we have some cleanup to do.

Clean up with OTL

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands 
    [purity] 
    [emptytemp] 
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Note: If any logs/tools remain on your desktop > right click and delete them.

Update JAVA

It's very important that you keep your computer updated with the latest JAVA Updates.
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Update Adobe Reader

It's very important that you keep your computer updated with the latest Adobe updates.
  • Open Adobe Reader.
  • Click Help on the menu at the top.
  • Click Check for Updates.
  • Allow any updates to be downloaded and installed.

Preventative Programs

Anti Spyware

I recommend updating and scanning with MalwareBytes Anti-Malware once a week to rid your system of spyware.


Personal Firewalls

It is very important that you use a firewall on your computer in addition to an anti-virus program. For a tutorial on using and understanding firewalls, please go here. Please download and install one of the following free firewalls if you do not already have one installed.

Anti Virus Programs

One antivirus is a must have! Never install more than one antivirus program because these programs will conflict with one another, slow your computer down and lower your overall protection. I recommend Microsoft Security Essentials.

Temp File Cleaner

Finally, it is a good idea to clear out all your temp files every now and then. This will help keep your computer from slowing down and it can also assist in getting rid of files that may contain malicious code that could re-infect your computer.
  • TFC is a great tool to clean temporary files.


Update Windows

It is important to keep your operating system updated. To enable Automatic Updates so that updates are downloaded and installed automatically, click on your version of Windows below:

Windows XP
Windows Vista
Windows 7


Finally, to learn more about how to protect yourself while on the internet read How did I get infected in the first place?



I will keep this thread open for a few days, so if you have any further problems post another reply here.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP