Need help removing Tidserv Activity 2 [Closed] [Solved]


#61
jaydog11

Here is the OTL quick scan log. I couldn't put anything in the Custom Scan area.

OTL logfile created on: 1/6/2012 3:35:07 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Show User\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.86 Mb Total Physical Memory | 815.88 Mb Available Physical Memory | 81.03% Memory free
1.62 Gb Paging File | 1.55 Gb Available in Paging File | 95.96% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 41.40 Gb Free Space | 74.09% Space Free | Partition Type: NTFS
Drive E: | 489.72 Mb Total Space | 228.96 Mb Free Space | 46.75% Space Free | Partition Type: FAT

Computer Name: TR15-BACKUP | User Name: Show User | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 10:46:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Show User\Desktop\OTL.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/15 12:27:38 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NecUsb)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2006/09/02 18:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2005/01/18 16:18:40 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2004/12/25 03:51:02 | 000,172,032 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 16:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 15:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2012/01/01 23:02:57 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/12/31 19:25:10 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/30 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/30 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/30 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/30 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/28 18:35:30 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111228.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/21 22:50:32 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 21:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 18:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 20:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 23:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/03/01 21:37:30 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/05/25 16:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2005/01/08 02:11:42 | 000,029,184 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/01/07 17:42:07 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/28 01:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2004/11/30 18:04:16 | 000,409,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/11/13 14:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2004/10/29 20:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/15 12:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/09 12:49:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2004/08/23 13:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004/07/22 16:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/06/16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/08 22:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2004/02/04 12:27:28 | 000,138,240 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMicAry.sys -- (TMicAry)
DRV - [2004/01/30 12:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 17:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 10:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/09/13 00:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.midwestdrafting.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/12/31 22:26:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_4_3 [2012/01/06 13:49:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/02 16:39:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosRotation] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262802408948 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Show User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Show User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/07 14:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 16:30:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/02 16:01:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/02 15:55:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/02 15:55:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/02 15:55:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/02 15:55:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/02 15:55:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/02 15:55:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/02 15:53:39 | 004,360,898 | R--- | C] (Swearware) -- C:\Documents and Settings\Show User\Desktop\ComboFix.exe
[2012/01/02 15:53:24 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Show User\Desktop\aswMBR.exe
[2012/01/02 13:16:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 10:46:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Show User\Desktop\OTL.exe
[2012/01/02 10:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Desktop\antivirus stuff
[2012/01/01 23:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\Malwarebytes
[2012/01/01 23:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/01 23:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/01 23:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/01 22:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\FixTDSS
[2012/01/01 22:57:22 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/01/01 22:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\My ware
[2012/01/01 22:54:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/01 22:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\My Ware
[2012/01/01 20:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\FixZeroAccess
[2012/01/01 16:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/01 03:40:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/01 03:11:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Show User\Recent
[2011/12/31 21:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\My Documents\Symantec
[2011/12/31 19:25:10 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/31 19:25:10 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/31 19:24:55 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/12/31 19:24:55 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/12/31 19:24:55 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/12/31 19:24:55 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/12/31 19:24:55 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/12/31 19:24:54 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/12/31 19:24:54 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/12/31 19:24:54 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/12/31 19:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/12/31 19:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1206000.01D
[2011/12/31 19:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/12/31 19:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/12/31 19:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/12/31 19:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/31 19:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/12/31 19:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Start Menu\Programs\Norton
[2011/12/31 19:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/12/31 19:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/12/27 00:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 00:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\MTA
[2011/12/25 12:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Local Settings\Application Data\Vivitar Experience Image Manager
[2011/12/25 12:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2011/12/25 12:44:35 | 000,135,168 | ---- | C] (JEILIN Tech.) -- C:\WINDOWS\System32\jl_jdct.drv
[2011/12/25 12:44:34 | 000,015,360 | ---- | C] (JEILIN Technology Corp.) -- C:\WINDOWS\System32\jl2005c.ax
[2011/12/25 12:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\V25
[2011/12/25 12:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2011/12/24 01:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/24 01:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/17 19:36:43 | 000,000,000 | ---D | C] -- C:\My Documents
[2011/01/08 14:39:55 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2011/01/08 14:39:55 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005/01/07 15:30:07 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2005/01/07 15:30:07 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe

========== Files - Modified Within 30 Days ==========

[2012/01/06 15:22:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/06 13:17:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\MBR.dat
[2012/01/05 15:39:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/05 15:38:28 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Show User\NTUSER.bak
[2012/01/04 16:29:13 | 001,783,024 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\services.reg
[2012/01/04 16:29:13 | 000,211,648 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\enum.reg
[2012/01/04 16:29:13 | 000,007,742 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\class.reg
[2012/01/03 16:41:32 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\MyNICDetails.bat
[2012/01/03 16:18:38 | 000,333,917 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\FSS.exe
[2012/01/02 16:39:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/02 16:02:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/02 16:01:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/02 15:47:17 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Show User\Desktop\aswMBR.exe
[2012/01/02 15:38:11 | 004,360,898 | R--- | M] (Swearware) -- C:\Documents and Settings\Show User\Desktop\ComboFix.exe
[2012/01/02 10:46:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Show User\Desktop\OTL.exe
[2012/01/01 23:02:57 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/01/01 16:39:57 | 001,193,394 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/01 03:29:04 | 000,439,186 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-220221.backup
[2011/12/31 19:25:36 | 001,193,892 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/12/31 19:25:10 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/31 19:25:10 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/31 19:25:10 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/31 19:25:10 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/24 12:12:38 | 000,103,733 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:12:38 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/15 07:30:02 | 000,446,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/15 07:30:02 | 000,073,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/14 14:21:16 | 000,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/04 16:29:13 | 001,783,024 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\services.reg
[2012/01/04 16:29:13 | 000,211,648 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\enum.reg
[2012/01/04 16:29:13 | 000,007,742 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\class.reg
[2012/01/03 16:43:45 | 000,001,571 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\MyNICDetails.bat
[2012/01/03 16:20:00 | 000,333,917 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\FSS.exe
[2012/01/02 17:06:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\MBR.dat
[2012/01/02 16:01:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/02 16:01:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/02 15:55:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/02 15:55:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/02 15:55:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/02 15:55:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/02 15:55:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/01 16:39:22 | 001,193,394 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/31 19:25:18 | 001,193,892 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/12/31 19:25:10 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/31 19:25:10 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/31 19:24:55 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/12/31 19:24:29 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/12/31 19:24:29 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/12/31 19:24:29 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/12/31 19:24:29 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/12/31 19:24:29 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/12/31 19:24:29 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/12/31 19:24:29 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/12/31 19:24:26 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/12/31 19:24:26 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\iron.cat
[2011/12/31 19:24:26 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/12/31 19:24:26 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/12/31 19:24:26 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/12/31 19:24:26 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/12/31 19:24:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/12/24 12:32:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 12:12:38 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:12:38 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/04/19 10:52:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb09d2se.INI
[2010/02/11 07:59:41 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 16:06:29 | 000,000,215 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/04 20:59:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/01/04 19:25:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/22 16:32:41 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\fusioncache.dat
[2005/02/16 13:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 13:09:45 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/21 13:05:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/01/21 13:05:14 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/01/07 17:52:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/07 17:52:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/07 17:52:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/07 17:52:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/07 17:40:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/07 16:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/01/07 15:58:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/01/07 15:58:08 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/01/07 15:42:54 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/01/07 15:42:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/01/07 15:42:54 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/01/07 15:42:54 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/01/07 15:41:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/01/07 15:30:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2005/01/07 14:46:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/07 14:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/07 14:35:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/07 14:33:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/07 12:06:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/07 12:03:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/07 12:03:38 | 000,446,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/07 12:03:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/07 12:03:38 | 000,073,464 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/07 12:03:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/07 12:03:36 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/07 12:03:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/07 12:03:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/07 12:03:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/07 12:03:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/07 12:03:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/07 12:03:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/07 06:28:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/07 06:27:42 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/08 23:01:05 | 000,000,024 | -HS- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\TabletPlanner.tb4

========== LOP Check ==========

[2009/10/02 19:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AliasWavefront
[2010/01/04 19:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/14 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Software MacKiev
[2005/01/07 17:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2012/01/01 22:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\FixTDSS
[2012/01/01 20:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\FixZeroAccess
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\InterVideo
[2010/01/07 22:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\toshiba

========== Purity Check ==========



< End of report >
  • 0



#62
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you select recovery console from the safe mode menu please? The red hyphen denotes a space.
At the command prompt type the following:

copy-C:\WINDOWS\system32\dllcache\afd.sys-C:\WINDOWS\system32\drivers\afd.sys

It should then state one file copied

Now try a reboot to normal mode
  • 0

#63
jaydog11

    Member

  • Topic Starter
  • 174 posts
I unlocked the task bar and then dragged it down and was able to get a little more space and pasted the text into the custom scan box. And it seemed like it only took 1 second before it said it had to reboot. I will try the next step.
  • 0

#64
jaydog11

    Member

  • Topic Starter
  • 174 posts
How do you select recovery console?
  • 0

#65
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still stuck in safe mode? Or will it now go to normal mode?

When you press F8 to get the safe mode menu there should be an additional option now called recovery console. This was installed by ComboFix.
  • 0

#66
jaydog11

    Member

  • Topic Starter
  • 174 posts
It's asking me which Windows installation I would like to log into?
  • 0

#67
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It should be number 1
  • 0

#68
jaydog11

    Member

  • Topic Starter
  • 174 posts
It asked me to overwrite and I said yes.
Then it said 1 file copied.
Still won't start normally.
  • 0

#69
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you get to the blue screen is there a stop error on it?

  • Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
  • Double-click VEW.exe
  • Under 'Select log to query', select:
    • Application
    • System
  • Under 'Select type to list', select:
    • Error
    • Warning
Then use the 'Date of events' or 'Number of events' as follows:

Either:
  • Click the radio button for 'Number of events'
    Type 3 in the 1 to 20 box (or any number from 1 to 20)
    Then click the Run button.
    Notepad will open with the output log.

  • Click the radio button for 'Date of events'
    In the From: boxes type today's date (presuming the crash happened today) 13 07 2009
    In the To: boxes type today's date (presuming the crash happened today) 13 07 2009
    Then click the Run button.
    Notepad will open with the output log.
Please post the output log in your next reply.
  • 0

#70
jaydog11

    Member

  • Topic Starter
  • 174 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 06/01/2012 5:22:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/01/2012 1:50:58 PM
Type: error Category: 0
Event: 1041 Source: Userenv
Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Log: 'Application' Date/Time: 06/01/2012 1:50:58 PM
Type: error Category: 0
Event: 1041 Source: Userenv
Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Log: 'Application' Date/Time: 06/01/2012 1:48:55 PM
Type: error Category: 0
Event: 1041 Source: Userenv
Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Log: 'Application' Date/Time: 06/01/2012 1:48:55 PM
Type: error Category: 0
Event: 1041 Source: Userenv
Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Log: 'Application' Date/Time: 06/01/2012 1:30:29 PM
Type: error Category: 0
Event: 1041 Source: Userenv
Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/01/2012 4:17:26 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user TR15-BACKUP\Show User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 02/01/2012 3:17:50 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user TR15-BACKUP\Show User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 01/01/2012 6:20:30 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user TR15-BACKUP\Show User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 01/01/2012 6:20:28 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 31/12/2011 6:45:30 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user TR15-BACKUP\Show User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/01/2012 9:00:07 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: IntelIde

Log: 'System' Date/Time: 03/01/2012 9:00:05 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: %%2147952450

Log: 'System' Date/Time: 03/01/2012 9:00:05 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.

Log: 'System' Date/Time: 03/01/2012 9:00:05 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.

Log: 'System' Date/Time: 03/01/2012 9:00:05 AM
Type: error Category: 0
Event: 7024 Source: Service Control Manager
The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/01/2012 12:42:54 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000E35CD0CF5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2012 12:36:23 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/01/2012 10:14:03 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000E35CD0CF5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2012 10:13:39 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 01/01/2012 2:25:08 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
  • 0



#71
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will run TDSSKiller now, and if that fails we will then do a clean boot to determine what the problem is.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
  • 0

#72
jaydog11

    Member

  • Topic Starter
  • 174 posts
12:34:47.0316 1208 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:34:47.0396 1208 ============================================================
12:34:47.0396 1208 Current date / time: 2012/01/07 12:34:47.0396
12:34:47.0396 1208 SystemInfo:
12:34:47.0396 1208
12:34:47.0396 1208 OS Version: 5.1.2600 ServicePack: 3.0
12:34:47.0396 1208 Product type: Workstation
12:34:47.0396 1208 ComputerName: TR15-BACKUP
12:34:47.0396 1208 UserName: Show User
12:34:47.0396 1208 Windows directory: C:\WINDOWS
12:34:47.0396 1208 System windows directory: C:\WINDOWS
12:34:47.0396 1208 Processor architecture: Intel x86
12:34:47.0396 1208 Number of processors: 1
12:34:47.0396 1208 Page size: 0x1000
12:34:47.0396 1208 Boot type: Safe boot
12:34:47.0396 1208 ============================================================
12:34:51.0151 1208 Initialize success
12:35:25.0491 1224 ============================================================
12:35:25.0491 1224 Scan started
12:35:25.0491 1224 Mode: Manual; SigCheck; TDLFS;
12:35:25.0491 1224 ============================================================
12:35:27.0023 1224 a347bus (61c7faa37417ca5bafa0490a49cc84d6) C:\WINDOWS\system32\DRIVERS\a347bus.sys
12:35:28.0415 1224 a347bus ( UnsignedFile.Multi.Generic ) - warning
12:35:28.0415 1224 a347bus - detected UnsignedFile.Multi.Generic (1)
12:35:28.0756 1224 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\a347scsi.sys
12:35:28.0786 1224 a347scsi ( UnsignedFile.Multi.Generic ) - warning
12:35:28.0786 1224 a347scsi - detected UnsignedFile.Multi.Generic (1)
12:35:28.0986 1224 Abiosdsk - ok
12:35:29.0196 1224 abp480n5 - ok
12:35:29.0487 1224 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:35:34.0604 1224 ACPI - ok
12:35:34.0904 1224 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:35:35.0075 1224 ACPIEC - ok
12:35:35.0275 1224 adpu160m - ok
12:35:35.0495 1224 aeaudio - ok
12:35:35.0806 1224 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:35:36.0016 1224 aec - ok
12:35:36.0266 1224 AegisP (f498fd605c08404b20a48954c722ff74) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:35:36.0306 1224 AegisP ( UnsignedFile.Multi.Generic ) - warning
12:35:36.0306 1224 AegisP - detected UnsignedFile.Multi.Generic (1)
12:35:36.0597 1224 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:35:36.0707 1224 AFD - ok
12:35:37.0368 1224 AgereSoftModem (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:35:38.0129 1224 AgereSoftModem - ok
12:35:38.0359 1224 Aha154x - ok
12:35:38.0560 1224 aic78u2 - ok
12:35:38.0780 1224 aic78xx - ok
12:35:39.0000 1224 AliIde - ok
12:35:39.0221 1224 amsint - ok
12:35:39.0491 1224 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:35:39.0591 1224 ApfiltrService - ok
12:35:39.0922 1224 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:35:40.0112 1224 Arp1394 - ok
12:35:40.0322 1224 asc - ok
12:35:40.0543 1224 asc3350p - ok
12:35:40.0763 1224 asc3550 - ok
12:35:41.0003 1224 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
12:35:41.0033 1224 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
12:35:41.0033 1224 ASCTRM - detected UnsignedFile.Multi.Generic (1)
12:35:41.0344 1224 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:35:41.0494 1224 AsyncMac - ok
12:35:41.0754 1224 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:35:41.0935 1224 atapi - ok
12:35:42.0215 1224 Atdisk - ok
12:35:42.0455 1224 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:35:42.0636 1224 Atmarpc - ok
12:35:42.0906 1224 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:35:43.0066 1224 audstub - ok
12:35:43.0296 1224 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:35:43.0447 1224 Beep - ok
12:35:43.0907 1224 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
12:35:44.0769 1224 BHDrvx86 - ok
12:35:44.0959 1224 catchme - ok
12:35:45.0319 1224 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:35:45.0490 1224 cbidf2k - ok
12:35:45.0760 1224 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:35:45.0940 1224 CCDECODE - ok
12:35:46.0151 1224 cd20xrnt - ok
12:35:46.0431 1224 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:35:46.0591 1224 Cdaudio - ok
12:35:46.0832 1224 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:35:47.0032 1224 Cdfs - ok
12:35:47.0583 1224 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:35:47.0753 1224 Cdrom - ok
12:35:47.0963 1224 Changer - ok
12:35:48.0314 1224 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:35:48.0484 1224 CmBatt - ok
12:35:48.0684 1224 CmdIde - ok
12:35:48.0925 1224 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:35:49.0085 1224 Compbatt - ok
12:35:49.0425 1224 Cpqarray - ok
12:35:49.0666 1224 dac2w2k - ok
12:35:49.0876 1224 dac960nt - ok
12:35:50.0166 1224 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:35:50.0377 1224 Disk - ok
12:35:50.0847 1224 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:35:51.0408 1224 dmboot - ok
12:35:51.0779 1224 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:35:51.0989 1224 dmio - ok
12:35:52.0199 1224 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:35:52.0370 1224 dmload - ok
12:35:52.0630 1224 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:35:52.0810 1224 DMusic - ok
12:35:53.0071 1224 dpti2o - ok
12:35:53.0321 1224 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:35:53.0491 1224 drmkaud - ok
12:35:53.0862 1224 E100B (4b884f18e70ac6621b2f10503d85cbcf) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:35:53.0962 1224 E100B - ok
12:35:54.0252 1224 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:35:54.0453 1224 eeCtrl - ok
12:35:54.0553 1224 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:35:54.0593 1224 EraserUtilRebootDrv - ok
12:35:54.0983 1224 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:35:55.0194 1224 Fastfat - ok
12:35:55.0464 1224 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:35:55.0644 1224 Fdc - ok
12:35:55.0885 1224 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:35:56.0075 1224 Fips - ok
12:35:56.0385 1224 FixTDSS (77d6ffaa3010b66fb4692532d75a585f) C:\WINDOWS\system32\drivers\FixTDSS.sys
12:35:56.0405 1224 FixTDSS - ok
12:35:56.0606 1224 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:35:56.0786 1224 Flpydisk - ok
12:35:57.0036 1224 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:35:57.0297 1224 FltMgr - ok
12:35:57.0547 1224 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:35:57.0717 1224 Fs_Rec - ok
12:35:57.0978 1224 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:35:58.0188 1224 Ftdisk - ok
12:35:58.0769 1224 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:35:58.0909 1224 Gpc - ok
12:35:59.0320 1224 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:35:59.0510 1224 HidUsb - ok
12:35:59.0760 1224 hpn - ok
12:36:00.0101 1224 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:36:00.0261 1224 HTTP - ok
12:36:00.0471 1224 i2omgmt - ok
12:36:00.0681 1224 i2omp - ok
12:36:00.0932 1224 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:36:01.0112 1224 i8042prt - ok
12:36:01.0603 1224 ialm (15db43b14cd86706719354002dec3f92) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:36:02.0023 1224 ialm - ok
12:36:02.0364 1224 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111228.001\IDSxpx86.sys
12:36:02.0574 1224 IDSxpx86 - ok
12:36:02.0875 1224 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:36:03.0075 1224 Imapi - ok
12:36:03.0305 1224 ini910u - ok
12:36:03.0566 1224 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:36:03.0726 1224 IntelIde - ok
12:36:03.0986 1224 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:36:04.0136 1224 intelppm - ok
12:36:04.0397 1224 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:36:04.0557 1224 Ip6Fw - ok
12:36:04.0797 1224 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:36:04.0978 1224 IpFilterDriver - ok
12:36:05.0208 1224 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:36:05.0408 1224 IpInIp - ok
12:36:05.0669 1224 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:36:05.0849 1224 IpNat - ok
12:36:06.0169 1224 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:36:06.0390 1224 IPSec - ok
12:36:06.0600 1224 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:36:06.0760 1224 IRENUM - ok
12:36:07.0041 1224 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:36:07.0241 1224 isapnp - ok
12:36:07.0531 1224 JL2005C (a7b973de438a6b98ca7f365837d2f548) C:\WINDOWS\system32\Drivers\jl2005c.sys
12:36:07.0601 1224 JL2005C ( UnsignedFile.Multi.Generic ) - warning
12:36:07.0601 1224 JL2005C - detected UnsignedFile.Multi.Generic (1)
12:36:07.0852 1224 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:36:08.0012 1224 Kbdclass - ok
12:36:08.0292 1224 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:36:08.0433 1224 kbdhid - ok
12:36:08.0803 1224 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:36:09.0023 1224 kmixer - ok
12:36:09.0294 1224 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:36:09.0434 1224 KSecDD - ok
12:36:09.0654 1224 lbrtfdc - ok
12:36:10.0025 1224 meiudf (6a75fd0b5f008d711dc44d9693e8d632) C:\WINDOWS\system32\Drivers\meiudf.sys
12:36:10.0065 1224 meiudf ( UnsignedFile.Multi.Generic ) - warning
12:36:10.0065 1224 meiudf - detected UnsignedFile.Multi.Generic (1)
12:36:10.0365 1224 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:36:10.0516 1224 mnmdd - ok
12:36:10.0776 1224 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:36:10.0946 1224 Modem - ok
12:36:11.0187 1224 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:36:11.0337 1224 Mouclass - ok
12:36:11.0657 1224 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:36:11.0827 1224 mouhid - ok
12:36:12.0088 1224 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:36:12.0298 1224 MountMgr - ok
12:36:12.0508 1224 mraid35x - ok
12:36:12.0789 1224 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:36:13.0009 1224 MRxDAV - ok
12:36:13.0390 1224 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:36:13.0660 1224 MRxSmb - ok
12:36:13.0931 1224 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:36:14.0101 1224 Msfs - ok
12:36:14.0551 1224 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
12:36:14.0571 1224 MSHUSBVideo - ok
12:36:14.0872 1224 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:36:15.0032 1224 MSKSSRV - ok
12:36:15.0262 1224 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:36:15.0433 1224 MSPCLOCK - ok
12:36:15.0663 1224 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:36:15.0833 1224 MSPQM - ok
12:36:16.0084 1224 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:36:16.0254 1224 mssmbios - ok
12:36:16.0584 1224 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:36:16.0755 1224 MSTEE - ok
12:36:17.0095 1224 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:36:17.0185 1224 Mup - ok
12:36:17.0446 1224 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:36:17.0626 1224 NABTSFEC - ok
12:36:17.0866 1224 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVENG.SYS
12:36:17.0926 1224 NAVENG - ok
12:36:18.0447 1224 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVEX15.SYS
12:36:19.0338 1224 NAVEX15 - ok
12:36:19.0709 1224 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:36:19.0939 1224 NDIS - ok
12:36:20.0200 1224 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:36:20.0410 1224 NdisIP - ok
12:36:20.0660 1224 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:36:20.0740 1224 NdisTapi - ok
12:36:20.0971 1224 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:36:21.0141 1224 Ndisuio - ok
12:36:21.0381 1224 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:36:21.0592 1224 NdisWan - ok
12:36:21.0832 1224 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:36:21.0942 1224 NDProxy - ok
12:36:22.0303 1224 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:36:22.0483 1224 NetBIOS - ok
12:36:22.0753 1224 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:36:22.0974 1224 NetBT - ok
12:36:23.0354 1224 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:36:23.0544 1224 NIC1394 - ok
12:36:23.0885 1224 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:36:24.0055 1224 Npfs - ok
12:36:24.0436 1224 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:36:24.0886 1224 Ntfs - ok
12:36:25.0197 1224 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
12:36:25.0217 1224 NuidFltr - ok
12:36:25.0547 1224 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:36:25.0707 1224 Null - ok
12:36:25.0968 1224 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:36:26.0138 1224 NwlnkFlt - ok
12:36:26.0368 1224 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:36:26.0529 1224 NwlnkFwd - ok
12:36:26.0779 1224 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:36:26.0969 1224 ohci1394 - ok
12:36:27.0270 1224 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:36:27.0460 1224 Parport - ok
12:36:27.0730 1224 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:36:27.0891 1224 PartMgr - ok
12:36:28.0121 1224 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:36:28.0291 1224 ParVdm - ok
12:36:28.0552 1224 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:36:28.0762 1224 PCI - ok
12:36:28.0952 1224 PCIDump - ok
12:36:29.0162 1224 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:36:29.0373 1224 PCIIde - ok
12:36:29.0633 1224 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:36:29.0803 1224 Pcmcia - ok
12:36:30.0014 1224 PDCOMP - ok
12:36:30.0224 1224 PDFRAME - ok
12:36:30.0454 1224 PDRELI - ok
12:36:30.0675 1224 PDRFRAME - ok
12:36:30.0885 1224 perc2 - ok
12:36:31.0085 1224 perc2hib - ok
12:36:31.0516 1224 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
12:36:31.0556 1224 pfc ( UnsignedFile.Multi.Generic ) - warning
12:36:31.0556 1224 pfc - detected UnsignedFile.Multi.Generic (1)
12:36:31.0876 1224 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:36:32.0067 1224 PptpMiniport - ok
12:36:32.0367 1224 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:36:32.0547 1224 PSched - ok
12:36:32.0778 1224 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:36:32.0958 1224 Ptilink - ok
12:36:33.0238 1224 PxHelp20 (f3a3b00666a40c6914b7b2864f7dc1c0) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:36:33.0278 1224 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
12:36:33.0278 1224 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
12:36:33.0489 1224 ql1080 - ok
12:36:33.0699 1224 Ql10wnt - ok
12:36:33.0909 1224 ql12160 - ok
12:36:34.0110 1224 ql1240 - ok
12:36:34.0320 1224 ql1280 - ok
12:36:34.0600 1224 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:36:34.0770 1224 RasAcd - ok
12:36:35.0041 1224 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:36:35.0191 1224 Rasl2tp - ok
12:36:35.0431 1224 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:36:35.0602 1224 RasPppoe - ok
12:36:35.0842 1224 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:36:36.0012 1224 Raspti - ok
12:36:36.0293 1224 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:36:36.0493 1224 Rdbss - ok
12:36:36.0713 1224 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:36:36.0884 1224 RDPCDD - ok
12:36:37.0244 1224 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:36:37.0454 1224 rdpdr - ok
12:36:37.0755 1224 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:36:37.0835 1224 RDPWD - ok
12:36:38.0095 1224 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:36:38.0326 1224 redbook - ok
12:36:38.0696 1224 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:36:38.0706 1224 s24trans ( UnsignedFile.Multi.Generic ) - warning
12:36:38.0706 1224 s24trans - detected UnsignedFile.Multi.Generic (1)
12:36:39.0057 1224 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:36:39.0257 1224 sdbus - ok
12:36:39.0507 1224 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:36:39.0788 1224 Secdrv - ok
12:36:40.0078 1224 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:36:40.0288 1224 Serial - ok
12:36:40.0599 1224 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
12:36:40.0749 1224 sffdisk - ok
12:36:40.0989 1224 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
12:36:41.0150 1224 sffp_sd - ok
12:36:41.0460 1224 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:36:41.0640 1224 Sfloppy - ok
12:36:41.0891 1224 Simbad - ok
12:36:42.0151 1224 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:36:42.0321 1224 SLIP - ok
12:36:42.0532 1224 smwdm - ok
12:36:42.0802 1224 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:36:42.0962 1224 SONYPVU1 - ok
12:36:43.0193 1224 Sparrow - ok
12:36:43.0443 1224 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:36:43.0593 1224 splitter - ok
12:36:43.0884 1224 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:36:44.0074 1224 sr - ok
12:36:44.0565 1224 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS
12:36:44.0845 1224 SRTSP - ok
12:36:45.0095 1224 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
12:36:45.0135 1224 SRTSPX - ok
12:36:45.0496 1224 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:36:45.0736 1224 Srv - ok
12:36:46.0027 1224 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:36:46.0187 1224 streamip - ok
12:36:46.0497 1224 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:36:46.0648 1224 swenum - ok
12:36:46.0898 1224 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:36:47.0078 1224 swmidi - ok
12:36:47.0339 1224 symc810 - ok
12:36:47.0549 1224 symc8xx - ok
12:36:47.0929 1224 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS
12:36:48.0130 1224 SymDS - ok
12:36:48.0610 1224 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
12:36:49.0021 1224 SymEFA - ok
12:36:49.0381 1224 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:36:49.0422 1224 SymEvent - ok
12:36:49.0722 1224 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS
12:36:49.0772 1224 SymIRON - ok
12:36:50.0173 1224 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS
12:36:50.0393 1224 SYMTDI - ok
12:36:50.0623 1224 sym_hi - ok
12:36:50.0834 1224 sym_u3 - ok
12:36:51.0104 1224 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:36:51.0334 1224 sysaudio - ok
12:36:51.0615 1224 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
12:36:51.0665 1224 TBiosDrv ( UnsignedFile.Multi.Generic ) - warning
12:36:51.0665 1224 TBiosDrv - detected UnsignedFile.Multi.Generic (1)
12:36:51.0905 1224 TBtnKey (1f1b3aa534db6107118bf7942275f100) C:\WINDOWS\system32\DRIVERS\TBtnKey.sys
12:36:51.0955 1224 TBtnKey - ok
12:36:52.0296 1224 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:36:52.0556 1224 Tcpip - ok
12:36:52.0836 1224 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:36:52.0997 1224 TDPIPE - ok
12:36:53.0257 1224 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:36:53.0457 1224 TDTCP - ok
12:36:53.0888 1224 TEchoCan (2109255e76ff3c24d3e9a2c452a258ea) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys
12:36:54.0108 1224 TEchoCan ( UnsignedFile.Multi.Generic ) - warning
12:36:54.0108 1224 TEchoCan - detected UnsignedFile.Multi.Generic (1)
12:36:54.0349 1224 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:36:54.0499 1224 TermDD - ok
12:36:54.0839 1224 Thpdrv (9a932560e9246b0d370fb97789bc0fd4) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
12:36:54.0869 1224 Thpdrv ( UnsignedFile.Multi.Generic ) - warning
12:36:54.0869 1224 Thpdrv - detected UnsignedFile.Multi.Generic (1)
12:36:55.0080 1224 Thpevm (51b3dfbe72ce64faf326c07ccbb5d632) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
12:36:55.0140 1224 Thpevm - ok
12:36:55.0420 1224 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
12:36:55.0450 1224 TMEI3E ( UnsignedFile.Multi.Generic ) - warning
12:36:55.0450 1224 TMEI3E - detected UnsignedFile.Multi.Generic (1)
12:36:55.0731 1224 TMicAry (6dad418085651a1a9a2cb9fc5abb40d3) C:\WINDOWS\system32\DRIVERS\TMicAry.sys
12:36:55.0801 1224 TMicAry ( UnsignedFile.Multi.Generic ) - warning
12:36:55.0801 1224 TMicAry - detected UnsignedFile.Multi.Generic (1)
12:36:56.0031 1224 TosIde - ok
12:36:56.0301 1224 TVALZ (ae86154a5cc63530d840fd30c04b870f) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
12:36:56.0331 1224 TVALZ ( UnsignedFile.Multi.Generic ) - warning
12:36:56.0331 1224 TVALZ - detected UnsignedFile.Multi.Generic (1)
12:36:56.0592 1224 Tvs (b56840ed437a0c3f0bfc7224fb2fe0b8) C:\WINDOWS\system32\DRIVERS\Tvs.sys
12:36:56.0622 1224 Tvs ( UnsignedFile.Multi.Generic ) - warning
12:36:56.0622 1224 Tvs - detected UnsignedFile.Multi.Generic (1)
12:36:56.0882 1224 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:36:57.0043 1224 Udfs - ok
12:36:57.0243 1224 ultra - ok
12:36:57.0583 1224 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:36:57.0944 1224 Update - ok
12:36:58.0244 1224 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:36:58.0445 1224 usbaudio - ok
12:36:58.0735 1224 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:36:58.0885 1224 usbccgp - ok
12:36:59.0136 1224 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:36:59.0336 1224 usbehci - ok
12:36:59.0616 1224 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:36:59.0817 1224 usbhub - ok
12:37:00.0037 1224 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:37:00.0207 1224 usbscan - ok
12:37:00.0467 1224 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:37:00.0618 1224 USBSTOR - ok
12:37:00.0848 1224 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:37:01.0008 1224 usbuhci - ok
12:37:01.0329 1224 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:37:01.0529 1224 usbvideo - ok
12:37:01.0729 1224 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:37:01.0889 1224 VgaSave - ok
12:37:02.0100 1224 ViaIde - ok
12:37:02.0400 1224 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:37:02.0570 1224 VolSnap - ok
12:37:03.0822 1224 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
12:37:05.0865 1224 w29n51 - ok
12:37:06.0186 1224 WacomPen (aced8c149b30f8496c237bcba3727b48) C:\WINDOWS\system32\DRIVERS\wacompen.sys
12:37:06.0356 1224 WacomPen - ok
12:37:06.0596 1224 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:37:06.0777 1224 Wanarp - ok
12:37:06.0977 1224 wanatw - ok
12:37:07.0387 1224 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:37:07.0638 1224 Wdf01000 - ok
12:37:07.0838 1224 WDICA - ok
12:37:08.0128 1224 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:37:08.0349 1224 wdmaud - ok
12:37:08.0769 1224 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
12:37:08.0829 1224 WpdUsb - ok
12:37:09.0120 1224 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:37:09.0270 1224 WS2IFSL - ok
12:37:09.0540 1224 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:37:09.0701 1224 WSTCODEC - ok
12:37:09.0991 1224 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:37:10.0081 1224 WudfPf - ok
12:37:10.0332 1224 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:37:10.0392 1224 WudfRd - ok
12:37:10.0642 1224 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
12:37:10.0973 1224 \Device\Harddisk0\DR0 - ok
12:37:11.0013 1224 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
12:37:11.0363 1224 \Device\Harddisk1\DR2 - ok
12:37:11.0393 1224 Boot (0x1200) (2a7c2ba7c664b69cbfe6f45f0d4021e9) \Device\Harddisk0\DR0\Partition0
12:37:11.0393 1224 \Device\Harddisk0\DR0\Partition0 - ok
12:37:11.0423 1224 Boot (0x1200) (052ba7934ce2480cec0708cac14b56da) \Device\Harddisk1\DR2\Partition0
12:37:11.0423 1224 \Device\Harddisk1\DR2\Partition0 - ok
12:37:11.0433 1224 ============================================================
12:37:11.0433 1224 Scan finished
12:37:11.0433 1224 ============================================================
12:37:11.0573 1216 Detected object count: 16
12:37:11.0573 1216 Actual detected object count: 16
12:38:23.0196 1216 a347bus ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0196 1216 a347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0196 1216 a347scsi ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0196 1216 a347scsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0196 1216 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0196 1216 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0196 1216 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0196 1216 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0196 1216 JL2005C ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0196 1216 JL2005C ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0196 1216 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0196 1216 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0196 1216 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0196 1216 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0196 1216 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0196 1216 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0206 1216 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0206 1216 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0206 1216 TBiosDrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0206 1216 TBiosDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0206 1216 TEchoCan ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0206 1216 TEchoCan ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0216 1216 Thpdrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0216 1216 Thpdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0216 1216 TMEI3E ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0216 1216 TMEI3E ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0216 1216 TMicAry ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0216 1216 TMicAry ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0226 1216 TVALZ ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0226 1216 TVALZ ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:38:23.0226 1216 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
12:38:23.0226 1216 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:54:02.0427 1200 Deinitialize success

#73
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know if the following allows you to get to normal Windows.

Step 1: Start the System Configuration Utility

Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2: Configure selective startup options

In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.



#74
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • 174 posts
Didn't work. Still won't let me start unless it's in safe mode.

#75
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • 174 posts
By the way, under the Services tab everything non-Microsoft was already disabled. Not sure if that's important, but thought I would note it.





