Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rootkit.zerAccess [Solved]

Started by gltf , Mar 12 2012 01:13 PM

  • This topic is locked This topic is locked

#1
gltf
Posted 12 March 2012 - 01:13 PM

gltf

    Member

  • Member
  • PipPip
  • 29 posts
Hello,
I have a work computer that got infected. I ran maleware bytes to clean it but no luck
I tried following the forums and ran combofix Now I got a scan that said I have a rootkit infection
It reboots and finishes but the infection is still there
Here is the otl report

OTL Extras logfile created on: 3/12/2012 12:01:52 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\TAMI LEE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 84.01% Memory free
4.81 Gb Paging File | 4.55 Gb Available in Paging File | 94.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.21 Gb Total Space | 431.05 Gb Free Space | 93.26% Space Free | Partition Type: NTFS

Computer Name: TAMI1 | User Name: TAMI LEE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe:*:Enabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 30
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C018129-1793-48D2-B82C-6FA71C96B476}" = Online Data Backup
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E3BC634-769E-4847-9530-E22433D13E45}" = FanSpeedControl
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkVantage Power Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A495D4DC-4036-4914-9CB2-0FCF6A3166EF}" = L7500
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkCentre
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F4764FAC-C2DA-4CF8-BCDC-2353DDA229DB}" = Maxtor Quick Start
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FileHippo.com" = FileHippo.com Update Checker
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{9E3BC634-769E-4847-9530-E22433D13E45}" = FanSpeedControl
"InstallShield_{F4764FAC-C2DA-4CF8-BCDC-2353DDA229DB}" = Maxtor Quick Start
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MouseSuite98" = Lenovo Mouse Suite
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PROHYBRIDR" = 2007 Microsoft Office system
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2012 5:00:13 PM | Computer Name = TAMI1 | Source = PC-Doctor | ID = 1
Description =

Error - 3/11/2012 5:00:13 PM | Computer Name = TAMI1 | Source = PC-Doctor | ID = 1
Description =

Error - 3/11/2012 10:36:24 PM | Computer Name = TAMI1 | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00e30fc0.

Error - 3/12/2012 12:53:46 PM | Computer Name = TAMI1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2012 1:24:19 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/12/2012 1:24:19 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/12/2012 1:24:19 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/12/2012 1:48:43 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/12/2012 1:48:43 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/12/2012 1:48:43 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

[ Lenovo-Message Center Plus/Admin Events ]
Error - 5/19/2010 11:24:49 PM | Computer Name = TAMI1 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\SeedDB.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 5/19/2010 11:24:49 PM | Computer Name = TAMI1 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The Msg SeedDB could not be decompressed

Error - 4/3/2011 5:48:42 PM | Computer Name = TAMI1 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

[ System Events ]
Error - 3/9/2012 7:20:13 AM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 7:27:47 AM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 7:31:02 AM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 7:33:49 AM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 3:13:31 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 3:13:41 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 3:17:38 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 3:24:39 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 3:25:19 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 7:13:29 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 12 March 2012 - 01:18 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the main OTL log please and the combofix log so that I can see what is what :)
  • 0

#3
gltf
Posted 12 March 2012 - 01:42 PM

gltf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Was that not the OTL log. If not where is it?
Here is the combofix logComboFix 12-03-12.03 - TAMI LEE 03/12/2012 10:35:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2651 [GMT -7:00]
Running from: c:\documents and settings\TAMI LEE\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-03-06 23:28 . 2012-03-06 23:29 -------- d-----w- C:\Combo-Fix
2012-03-06 21:34 . 2012-03-06 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3B00235E2D00006F90D151FC4E
2012-02-16 18:54 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 18:54 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 20:10 . 2011-06-09 19:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2008-07-21 22:50 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-07-21 22:50 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-07-21 22:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-07-21 22:49 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-12_17.23.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-12 17:34 . 2012-03-12 17:34 16384 c:\windows\Temp\Perflib_Perfdata_7f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MSSOverlay]
@="{b75ab0c8-03d5-4592-9821-a48d54d66b14}"
[HKEY_CLASSES_ROOT\CLSID\{b75ab0c8-03d5-4592-9821-a48d54d66b14}]
2006-05-12 15:12 65536 ----a-w- c:\windows\system32\MssShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2008-09-26 40960]
"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2009-11-06 98304]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 16851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-03-26 389120]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-04-03 72256]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"MaxBackSchedule"="c:\program files\Maxtor\MSS Backup\maxbackservice.exe" [2006-06-15 188416]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-06-05 81920]
"mssSort"="c:\program files\Maxtor\ManagerApp\msssort.exe" [2006-05-25 1396736]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\GARY\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5911896]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2011-11-9 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 5:50 PM 46144]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 3:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 5:50 PM 360448]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [3/6/2008 2:33 PM 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [11/19/2008 6:46 PM 37184]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 8:15 AM 1120752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-03-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
2012-02-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]
.
2010-05-20 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-04-13 05:45]
.
2012-03-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\TAMI LEE\Application Data\Mozilla\Firefox\Profiles\r47sru4r.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-12 10:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-12 10:40:52
ComboFix-quarantined-files.txt 2012-03-12 17:40
ComboFix2.txt 2012-03-12 17:26
.
Pre-Run: 462,852,268,032 bytes free
Post-Run: 462,853,218,304 bytes free
.
- - End Of File - - F8D204A80C712DCB86C3E15E57B91FC2
  • 0

#4
gltf
Posted 12 March 2012 - 01:44 PM

gltf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Also the computer now cannot find the work network
It goes on the internet fine
  • 0

#5
Essexboy
Posted 12 March 2012 - 01:46 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It should be in the same location as OTL and will be called OTL.txt
What Antivirus programme are you using ?

Otherwise please re-run it with the following scan script

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    Drives
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#6
gltf
Posted 12 March 2012 - 02:28 PM

gltf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Here they are

OTL logfile created on: 3/12/2012 12:56:44 PM - Run 2
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\TAMI LEE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.84% Memory free
4.81 Gb Paging File | 4.32 Gb Available in Paging File | 89.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.21 Gb Total Space | 430.98 Gb Free Space | 93.24% Space Free | Partition Type: NTFS

Computer Name: TAMI1 | User Name: TAMI LEE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 12:01:04 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TAMI LEE\Desktop\OTL.exe
PRC - [2011/11/09 14:40:04 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/11/09 14:38:16 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2011/11/09 14:38:14 | 000,063,336 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBHelp.exe
PRC - [2011/11/04 14:27:48 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/16 21:12:26 | 000,155,648 | ---- | M] (Primax Electronics Ltd.) -- C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
PRC - [2009/11/06 01:00:14 | 000,098,304 | ---- | M] (Primax Electronics Ltd.) -- C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
PRC - [2009/07/10 17:25:42 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/04/02 22:45:52 | 000,064,064 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2009/04/02 22:44:46 | 000,059,968 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\DPMTray.EXE
PRC - [2008/11/24 15:34:02 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/11/20 01:27:28 | 000,020,480 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
PRC - [2008/10/09 02:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2008/09/26 13:24:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
PRC - [2008/06/13 17:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/06/08 11:00:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:00:00 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/06/15 12:21:34 | 000,188,416 | ---- | M] (Maxtor Corp) -- C:\Program Files\Maxtor\MSS Backup\MaxBackService.exe
PRC - [2006/06/05 13:00:26 | 000,081,920 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2006/05/25 13:41:36 | 001,396,736 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\ManagerApp\msssort.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 04:07:08 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/17 04:05:31 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/17 04:04:54 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/17 04:04:48 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/17 04:04:31 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/17 04:04:24 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/11/09 14:39:24 | 000,125,800 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2011/11/09 14:39:18 | 000,020,840 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2011/11/09 14:39:02 | 000,042,344 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2011/11/09 14:38:34 | 000,268,648 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2011/11/09 14:38:34 | 000,176,488 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2011/11/09 14:38:32 | 000,348,008 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2011/10/14 03:04:45 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/04/01 10:58:05 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2009/04/02 22:45:52 | 000,064,064 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
MOD - [2009/04/02 22:44:46 | 000,059,968 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\DPMTray.EXE
MOD - [2009/03/26 10:50:00 | 000,028,160 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2009/03/26 10:50:00 | 000,010,240 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\DPMTRAY.DLL
MOD - [2008/11/24 15:34:02 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2008/11/24 15:28:58 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2008/11/24 15:28:58 | 000,139,264 | ---- | M] () -- c:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2008/11/20 01:27:28 | 000,020,480 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
MOD - [2008/10/04 20:24:02 | 003,695,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/09/26 13:24:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
MOD - [2008/05/23 11:40:12 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\FanSpeedControl\SpioDll.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2011/11/04 14:27:48 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/10 17:25:42 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/11/24 15:34:02 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/10/09 02:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/06/13 17:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/04/25 08:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2009/12/14 14:33:36 | 000,024,064 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2009/11/02 14:29:42 | 000,019,456 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2008/09/09 03:07:36 | 004,813,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/16 01:12:02 | 000,037,184 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/07/10 19:48:00 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/06/27 01:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/14 05:00:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/09 14:40:06 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/03/06 14:33:50 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\spio.sys -- (SuperIO)
DRV - [2007/06/18 16:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 14:25:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/24 09:20:49 | 000,000,000 | ---D | M]

[2010/05/19 20:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TAMI LEE\Application Data\Mozilla\Extensions
[2012/03/12 12:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TAMI LEE\Application Data\Mozilla\Firefox\Profiles\r47sru4r.default\extensions
[2012/03/12 09:54:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TAMI LEE\Application Data\Mozilla\Firefox\Profiles\r47sru4r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/12 12:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/24 11:19:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/29 09:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/11 10:25:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/04/12 23:09:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/03/12 10:22:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe ()
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MaxBackSchedule] C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe (Maxtor Corp)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [mssSort] C:\Program Files\Maxtor\ManagerApp\msssort.exe (Maxtor)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1274455792750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DB698F-20E0-41FF-9EE8-B14F386BCB8D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\TAMI LEE\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TAMI LEE\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 15:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 12:57:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/12 12:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/03/12 12:01:03 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TAMI LEE\Desktop\OTL.exe
[2012/03/12 11:37:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/12 11:19:40 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TAMI LEE\Desktop\tdsskiller.exe
[2012/03/12 11:18:32 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\TAMI LEE\Desktop\aswMBR.exe
[2012/03/12 10:03:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/12 10:02:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/12 10:02:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/12 10:02:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/12 10:02:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/12 09:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TAMI LEE\Desktop\RK_Quarantine
[2012/03/09 17:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/09 17:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/06 16:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/06 16:28:50 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2012/03/06 16:28:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/06 14:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F4D55F3B00235E2D00006F90D151FC4E

========== Files - Modified Within 30 Days ==========

[2012/03/12 12:36:10 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/12 12:36:09 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/03/12 12:36:03 | 3184,775,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/12 12:36:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/12 12:01:04 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TAMI LEE\Desktop\OTL.exe
[2012/03/12 11:38:33 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\TAMI LEE\Desktop\Update Checker.lnk
[2012/03/12 11:22:31 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\TAMI LEE\Desktop\Shortcut to ComboFix.lnk
[2012/03/12 11:22:11 | 000,252,991 | ---- | M] () -- C:\Documents and Settings\TAMI LEE\Desktop\FHSetup.exe
[2012/03/12 11:19:49 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TAMI LEE\Desktop\tdsskiller.exe
[2012/03/12 11:19:03 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\TAMI LEE\Desktop\aswMBR.exe
[2012/03/12 10:24:20 | 000,492,132 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 10:24:20 | 000,090,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/12 10:22:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/12 10:03:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/12 10:00:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/11 14:01:46 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/03/10 22:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/08 17:53:42 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\TAMI LEE\Desktop\Word.lnk
[2012/03/07 19:40:37 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\TAMI LEE\Desktop\Shortcut to Gary Pers.lnk
[2012/03/07 18:44:32 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\TAMI LEE\Desktop\Printers and Faxes.lnk
[2012/03/07 12:48:19 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\TAMI LEE\Desktop\Excel.lnk
[2012/03/06 16:32:27 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/24 18:00:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/17 04:20:04 | 000,329,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/17 04:01:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/03/12 11:38:33 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\TAMI LEE\Desktop\Update Checker.lnk
[2012/03/12 11:22:31 | 000,000,981 | ---- | C] () -- C:\Documents and Settings\TAMI LEE\Desktop\Shortcut to ComboFix.lnk
[2012/03/12 11:22:11 | 000,252,991 | ---- | C] () -- C:\Documents and Settings\TAMI LEE\Desktop\FHSetup.exe
[2012/03/12 10:03:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/12 10:03:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/12 10:02:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/12 10:02:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/12 10:02:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/12 10:02:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/12 10:02:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/07 19:40:37 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\TAMI LEE\Desktop\Shortcut to Gary Pers.lnk
[2012/03/07 18:44:32 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\TAMI LEE\Desktop\Printers and Faxes.lnk
[2012/03/06 16:32:27 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 11:54:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 11:54:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/08/27 18:03:51 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/24 03:17:00 | 004,751,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/29 14:00:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/21 08:14:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/19 20:11:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/19 19:37:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2010/05/19 19:37:21 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2010/05/19 19:08:45 | 000,150,184 | ---- | C] () -- C:\WINDOWS\hpwins05.dat
[2010/04/12 23:29:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/04/12 23:12:13 | 000,150,080 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2010/04/12 23:09:30 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2010/04/12 23:09:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/12 23:07:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/04/12 23:07:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/04/12 23:07:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/04/12 23:07:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/04/12 23:07:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/04/12 23:07:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/04/12 23:04:13 | 000,035,392 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/04/12 23:01:21 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/04/12 23:01:20 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/04/12 23:00:29 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\softkbd.exe.config

========== LOP Check ==========

[2011/08/27 18:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/06 14:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D55F3B00235E2D00006F90D151FC4E
[2010/04/12 23:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/06/01 13:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/08/27 18:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/05/19 19:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/05/19 19:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/12/09 15:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/04/12 23:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperIO
[2010/04/12 23:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/09/01 14:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/12 23:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TAMI LEE\Application Data\DesktopPwrMgr
[2010/04/12 23:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TAMI LEE\Application Data\Downloaded Installations
[2012/03/07 19:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TAMI LEE\Application Data\Image Zone Express
[2010/05/19 18:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TAMI LEE\Application Data\Leadertech
[2010/04/12 23:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TAMI LEE\Application Data\Lenovo
[2010/05/19 20:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TAMI LEE\Application Data\Printer Info Cache
[2010/05/19 19:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TAMI LEE\Application Data\Update
[2012/03/12 12:36:09 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2012/02/24 18:00:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/05/19 18:32:41 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2012/03/11 14:01:46 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >


========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3500418AS
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: HP Officejet Pro L7 USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 462.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 496293117952
Hidden sectors: 0


< End of report >


OTL Extras logfile created on: 3/12/2012 12:01:52 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\TAMI LEE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 84.01% Memory free
4.81 Gb Paging File | 4.55 Gb Available in Paging File | 94.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.21 Gb Total Space | 431.05 Gb Free Space | 93.26% Space Free | Partition Type: NTFS

Computer Name: TAMI1 | User Name: TAMI LEE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe:*:Enabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 30
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C018129-1793-48D2-B82C-6FA71C96B476}" = Online Data Backup
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E3BC634-769E-4847-9530-E22433D13E45}" = FanSpeedControl
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkVantage Power Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A495D4DC-4036-4914-9CB2-0FCF6A3166EF}" = L7500
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkCentre
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F4764FAC-C2DA-4CF8-BCDC-2353DDA229DB}" = Maxtor Quick Start
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FileHippo.com" = FileHippo.com Update Checker
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{9E3BC634-769E-4847-9530-E22433D13E45}" = FanSpeedControl
"InstallShield_{F4764FAC-C2DA-4CF8-BCDC-2353DDA229DB}" = Maxtor Quick Start
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MouseSuite98" = Lenovo Mouse Suite
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PROHYBRIDR" = 2007 Microsoft Office system
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2012 5:00:13 PM | Computer Name = TAMI1 | Source = PC-Doctor | ID = 1
Description =

Error - 3/11/2012 5:00:13 PM | Computer Name = TAMI1 | Source = PC-Doctor | ID = 1
Description =

Error - 3/11/2012 10:36:24 PM | Computer Name = TAMI1 | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00e30fc0.

Error - 3/12/2012 12:53:46 PM | Computer Name = TAMI1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2012 1:24:19 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/12/2012 1:24:19 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/12/2012 1:24:19 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/12/2012 1:48:43 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/12/2012 1:48:43 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/12/2012 1:48:43 PM | Computer Name = TAMI1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

[ Lenovo-Message Center Plus/Admin Events ]
Error - 5/19/2010 11:24:49 PM | Computer Name = TAMI1 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\SeedDB.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 5/19/2010 11:24:49 PM | Computer Name = TAMI1 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The Msg SeedDB could not be decompressed

Error - 4/3/2011 5:48:42 PM | Computer Name = TAMI1 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

[ System Events ]
Error - 3/9/2012 7:20:13 AM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 7:27:47 AM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 7:31:02 AM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 7:33:49 AM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 3:13:31 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 3:13:41 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 3:17:38 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 3:24:39 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 3:25:19 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/9/2012 7:13:29 PM | Computer Name = TAMI1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-12 13:05:49
-----------------------------
13:05:49.484 OS Version: Windows 5.1.2600 Service Pack 3
13:05:49.484 Number of processors: 2 586 0x170A
13:05:49.484 ComputerName: TAMI1 UserName:
13:05:50.296 Initialize success
13:08:43.656 AVAST engine defs: 12031200
13:09:34.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
13:09:34.875 Disk 0 Vendor: ST3500418AS CC66 Size: 476940MB BusType: 3
13:09:34.890 Disk 0 MBR read successfully
13:09:34.890 Disk 0 MBR scan
13:09:34.890 Disk 0 unknown MBR code
13:09:34.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 473301 MB offset 2048
13:09:34.921 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 3637 MB offset 969322496
13:09:34.953 Disk 0 scanning sectors +976771072
13:09:35.000 Disk 0 scanning C:\WINDOWS\system32\drivers
13:09:37.359 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-ARC [Rtk]
13:09:39.625 Disk 0 trace - called modules:
13:09:39.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:09:39.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4b1ab8]
13:09:39.640 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a4b8030]
13:09:39.656 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a474d98]
13:09:41.281 AVAST engine scan C:\WINDOWS
13:09:51.703 AVAST engine scan C:\WINDOWS\system32
13:11:56.796 AVAST engine scan C:\WINDOWS\system32\drivers
13:12:00.750 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-ARC [Rtk]
13:12:14.796 AVAST engine scan C:\Documents and Settings\TAMI LEE
13:15:48.203 AVAST engine scan C:\Documents and Settings\All Users
13:18:19.968 Scan finished successfully
13:21:36.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TAMI LEE\Desktop\MBR.dat"
13:21:36.734 The log file has been saved successfully to "C:\Documents and Settings\TAMI LEE\Desktop\aswMBR.txt"
  • 0

#7
Essexboy
Posted 12 March 2012 - 02:59 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK you have a TDL3 infection

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#8
gltf
Posted 12 March 2012 - 03:19 PM

gltf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
here is the tdsskiler report

14:13:20.0453 2424 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
14:13:20.0875 2424 ============================================================
14:13:20.0875 2424 Current date / time: 2012/03/12 14:13:20.0875
14:13:20.0875 2424 SystemInfo:
14:13:20.0875 2424
14:13:20.0875 2424 OS Version: 5.1.2600 ServicePack: 3.0
14:13:20.0875 2424 Product type: Workstation
14:13:20.0875 2424 ComputerName: TAMI1
14:13:20.0875 2424 UserName: TAMI LEE
14:13:20.0875 2424 Windows directory: C:\WINDOWS
14:13:20.0875 2424 System windows directory: C:\WINDOWS
14:13:20.0875 2424 Processor architecture: Intel x86
14:13:20.0875 2424 Number of processors: 2
14:13:20.0875 2424 Page size: 0x1000
14:13:20.0875 2424 Boot type: Normal boot
14:13:20.0875 2424 ============================================================
14:13:22.0390 2424 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:13:22.0406 2424 \Device\Harddisk0\DR0:
14:13:22.0406 2424 MBR used
14:13:22.0406 2424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x39C6A800
14:13:22.0437 2424 Initialize success
14:13:22.0437 2424 ============================================================
14:13:28.0734 3928 ============================================================
14:13:28.0734 3928 Scan started
14:13:28.0734 3928 Mode: Manual; SigCheck; TDLFS;
14:13:28.0734 3928 ============================================================
14:13:29.0218 3928 Abiosdsk - ok
14:13:29.0250 3928 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:13:29.0375 3928 abp480n5 - ok
14:13:29.0390 3928 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:13:29.0484 3928 ACPI - ok
14:13:29.0500 3928 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:13:29.0562 3928 ACPIEC - ok
14:13:29.0593 3928 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:13:29.0656 3928 adpu160m - ok
14:13:29.0687 3928 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:13:29.0750 3928 aec - ok
14:13:29.0796 3928 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:13:29.0828 3928 AFD - ok
14:13:29.0828 3928 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:13:29.0890 3928 agp440 - ok
14:13:29.0906 3928 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:13:29.0968 3928 agpCPQ - ok
14:13:29.0984 3928 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:13:30.0015 3928 Aha154x - ok
14:13:30.0015 3928 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:13:30.0078 3928 aic78u2 - ok
14:13:30.0109 3928 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:13:30.0171 3928 aic78xx - ok
14:13:30.0203 3928 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:13:30.0265 3928 AliIde - ok
14:13:30.0265 3928 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:13:30.0328 3928 alim1541 - ok
14:13:30.0343 3928 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:13:30.0406 3928 amdagp - ok
14:13:30.0421 3928 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:13:30.0468 3928 amsint - ok
14:13:30.0484 3928 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:13:30.0578 3928 Arp1394 - ok
14:13:30.0609 3928 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:13:30.0671 3928 asc - ok
14:13:30.0671 3928 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:13:30.0703 3928 asc3350p - ok
14:13:30.0718 3928 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:13:30.0781 3928 asc3550 - ok
14:13:30.0796 3928 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:13:30.0890 3928 AsyncMac - ok
14:13:30.0906 3928 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:13:30.0968 3928 atapi - ok
14:13:30.0984 3928 Atdisk - ok
14:13:30.0984 3928 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:13:31.0062 3928 Atmarpc - ok
14:13:31.0093 3928 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:13:31.0156 3928 audstub - ok
14:13:31.0171 3928 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:13:31.0265 3928 Beep - ok
14:13:31.0328 3928 catchme - ok
14:13:31.0375 3928 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:13:31.0437 3928 cbidf - ok
14:13:31.0453 3928 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:13:31.0515 3928 cbidf2k - ok
14:13:31.0515 3928 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:13:31.0546 3928 cd20xrnt - ok
14:13:31.0578 3928 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:13:31.0640 3928 Cdaudio - ok
14:13:31.0656 3928 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:13:31.0718 3928 Cdfs - ok
14:13:31.0718 3928 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:13:31.0796 3928 Cdrom - ok
14:13:31.0796 3928 Changer - ok
14:13:31.0812 3928 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:13:31.0875 3928 CmBatt - ok
14:13:31.0953 3928 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:13:32.0015 3928 CmdIde - ok
14:13:32.0046 3928 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:13:32.0109 3928 Compbatt - ok
14:13:32.0125 3928 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:13:32.0187 3928 Cpqarray - ok
14:13:32.0203 3928 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:13:32.0281 3928 dac2w2k - ok
14:13:32.0312 3928 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:13:32.0375 3928 dac960nt - ok
14:13:32.0406 3928 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:13:32.0468 3928 Disk - ok
14:13:32.0515 3928 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
14:13:32.0531 3928 DLABMFSM - ok
14:13:32.0546 3928 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
14:13:32.0546 3928 DLABOIOM - ok
14:13:32.0546 3928 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
14:13:32.0562 3928 DLACDBHM - ok
14:13:32.0562 3928 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS
14:13:32.0578 3928 DLADResM - ok
14:13:32.0609 3928 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
14:13:32.0609 3928 DLAIFS_M - ok
14:13:32.0625 3928 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
14:13:32.0625 3928 DLAOPIOM - ok
14:13:32.0625 3928 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
14:13:32.0640 3928 DLAPoolM - ok
14:13:32.0640 3928 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
14:13:32.0640 3928 DLARTL_M - ok
14:13:32.0656 3928 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
14:13:32.0656 3928 DLAUDFAM - ok
14:13:32.0671 3928 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
14:13:32.0671 3928 DLAUDF_M - ok
14:13:32.0718 3928 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:13:32.0796 3928 dmboot - ok
14:13:32.0906 3928 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:13:32.0984 3928 dmio - ok
14:13:33.0000 3928 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:13:33.0062 3928 dmload - ok
14:13:33.0109 3928 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:13:33.0203 3928 DMusic - ok
14:13:33.0218 3928 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:13:33.0281 3928 dpti2o - ok
14:13:33.0296 3928 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:13:33.0359 3928 drmkaud - ok
14:13:33.0390 3928 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
14:13:33.0390 3928 DRVMCDB - ok
14:13:33.0406 3928 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
14:13:33.0406 3928 DRVNDDM - ok
14:13:33.0453 3928 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:13:33.0515 3928 Fastfat - ok
14:13:33.0531 3928 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:13:33.0609 3928 Fdc - ok
14:13:33.0640 3928 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:13:33.0718 3928 Fips - ok
14:13:33.0734 3928 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:13:33.0796 3928 Flpydisk - ok
14:13:33.0812 3928 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:13:33.0875 3928 FltMgr - ok
14:13:33.0890 3928 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:13:33.0953 3928 Fs_Rec - ok
14:13:33.0984 3928 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:13:34.0046 3928 Ftdisk - ok
14:13:34.0078 3928 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:13:34.0078 3928 GEARAspiWDM - ok
14:13:34.0109 3928 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:13:34.0171 3928 Gpc - ok
14:13:34.0203 3928 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:13:34.0265 3928 HDAudBus - ok
14:13:34.0328 3928 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:13:34.0390 3928 HidUsb - ok
14:13:34.0406 3928 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:13:34.0468 3928 hpn - ok
14:13:34.0500 3928 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:13:34.0531 3928 HPZid412 - ok
14:13:34.0593 3928 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:13:34.0609 3928 HPZipr12 - ok
14:13:34.0625 3928 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:13:34.0640 3928 HPZius12 - ok
14:13:34.0687 3928 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:13:34.0703 3928 HTTP - ok
14:13:34.0734 3928 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:13:34.0812 3928 i2omgmt - ok
14:13:34.0828 3928 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:13:34.0890 3928 i2omp - ok
14:13:34.0921 3928 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:13:34.0984 3928 i8042prt - ok
14:13:35.0125 3928 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:13:35.0296 3928 ialm - ok
14:13:35.0312 3928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:13:35.0375 3928 Imapi - ok
14:13:35.0437 3928 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:13:35.0500 3928 ini910u - ok
14:13:35.0625 3928 IntcAzAudAddService (053517d1bcadf00bedb21fb7218c8f33) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:13:35.0734 3928 IntcAzAudAddService - ok
14:13:35.0734 3928 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:13:35.0828 3928 IntelIde - ok
14:13:35.0859 3928 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:13:35.0937 3928 intelppm - ok
14:13:35.0953 3928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:13:36.0015 3928 Ip6Fw - ok
14:13:36.0031 3928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:13:36.0093 3928 IpFilterDriver - ok
14:13:36.0093 3928 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:13:36.0171 3928 IpInIp - ok
14:13:36.0187 3928 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:13:36.0265 3928 IpNat - ok
14:13:36.0296 3928 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:13:36.0359 3928 IPSec - ok
14:13:36.0390 3928 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:13:36.0421 3928 IRENUM - ok
14:13:36.0453 3928 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:13:36.0515 3928 isapnp - ok
14:13:36.0531 3928 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:13:36.0609 3928 Kbdclass - ok
14:13:36.0640 3928 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:13:36.0703 3928 kbdhid - ok
14:13:36.0718 3928 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:13:36.0781 3928 kmixer - ok
14:13:36.0812 3928 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:13:36.0859 3928 KSecDD - ok
14:13:36.0859 3928 lbrtfdc - ok
14:13:36.0890 3928 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:13:36.0953 3928 mnmdd - ok
14:13:36.0968 3928 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:13:37.0046 3928 Modem - ok
14:13:37.0078 3928 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:13:37.0140 3928 Mouclass - ok
14:13:37.0156 3928 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:13:37.0218 3928 mouhid - ok
14:13:37.0250 3928 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:13:37.0328 3928 MountMgr - ok
14:13:37.0359 3928 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:13:37.0421 3928 mraid35x - ok
14:13:37.0437 3928 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:13:37.0500 3928 MRxDAV - ok
14:13:37.0546 3928 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:13:37.0562 3928 MRxSmb - ok
14:13:37.0593 3928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:13:37.0656 3928 Msfs - ok
14:13:37.0718 3928 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:13:37.0781 3928 MSKSSRV - ok
14:13:37.0796 3928 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:13:37.0859 3928 MSPCLOCK - ok
14:13:37.0859 3928 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:13:37.0937 3928 MSPQM - ok
14:13:37.0968 3928 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:13:38.0031 3928 mssmbios - ok
14:13:38.0078 3928 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:13:38.0093 3928 Mup - ok
14:13:38.0140 3928 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:13:38.0203 3928 NDIS - ok
14:13:38.0234 3928 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:13:38.0265 3928 NdisTapi - ok
14:13:38.0328 3928 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:13:38.0390 3928 Ndisuio - ok
14:13:38.0437 3928 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:13:38.0515 3928 NdisWan - ok
14:13:38.0546 3928 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:13:38.0578 3928 NDProxy - ok
14:13:38.0593 3928 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:13:38.0671 3928 NetBIOS - ok
14:13:38.0703 3928 NetBT (faab61c1c7d8b0a715a39f73c96933c4) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:13:38.0703 3928 NetBT ( Virus.Win32.ZAccess.k ) - infected
14:13:38.0703 3928 NetBT - detected Virus.Win32.ZAccess.k (0)
14:13:38.0734 3928 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:13:38.0796 3928 NIC1394 - ok
14:13:38.0812 3928 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:13:38.0875 3928 Npfs - ok
14:13:38.0906 3928 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:13:38.0984 3928 Ntfs - ok
14:13:39.0000 3928 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:13:39.0062 3928 Null - ok
14:13:39.0078 3928 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:13:39.0140 3928 NwlnkFlt - ok
14:13:39.0156 3928 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:13:39.0234 3928 NwlnkFwd - ok
14:13:39.0250 3928 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:13:39.0328 3928 ohci1394 - ok
14:13:39.0343 3928 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:13:39.0437 3928 Parport - ok
14:13:39.0437 3928 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:13:39.0500 3928 PartMgr - ok
14:13:39.0515 3928 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:13:39.0578 3928 ParVdm - ok
14:13:39.0609 3928 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:13:39.0671 3928 PCI - ok
14:13:39.0671 3928 PCIDump - ok
14:13:39.0703 3928 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:13:39.0765 3928 PCIIde - ok
14:13:39.0781 3928 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:13:39.0843 3928 Pcmcia - ok
14:13:39.0859 3928 PDCOMP - ok
14:13:39.0875 3928 PDFRAME - ok
14:13:39.0890 3928 PDRELI - ok
14:13:39.0921 3928 PDRFRAME - ok
14:13:39.0968 3928 pelmouse (b4d92797d295807d6739637538d01ccb) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
14:13:40.0000 3928 pelmouse - ok
14:13:40.0015 3928 pelusblf (d599661a3957de82aed3842cf9a669d6) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
14:13:40.0015 3928 pelusblf - ok
14:13:40.0046 3928 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:13:40.0093 3928 perc2 - ok
14:13:40.0109 3928 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:13:40.0171 3928 perc2hib - ok
14:13:40.0203 3928 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
14:13:40.0218 3928 pmem ( UnsignedFile.Multi.Generic ) - warning
14:13:40.0218 3928 pmem - detected UnsignedFile.Multi.Generic (1)
14:13:40.0250 3928 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:13:40.0328 3928 PptpMiniport - ok
14:13:40.0375 3928 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
14:13:40.0375 3928 psadd - ok
14:13:40.0390 3928 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:13:40.0453 3928 PSched - ok
14:13:40.0468 3928 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:13:40.0531 3928 Ptilink - ok
14:13:40.0562 3928 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:13:40.0578 3928 PxHelp20 - ok
14:13:40.0593 3928 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:13:40.0656 3928 ql1080 - ok
14:13:40.0671 3928 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:13:40.0734 3928 Ql10wnt - ok
14:13:40.0765 3928 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:13:40.0828 3928 ql12160 - ok
14:13:40.0843 3928 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:13:40.0906 3928 ql1240 - ok
14:13:40.0906 3928 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:13:40.0968 3928 ql1280 - ok
14:13:41.0000 3928 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:13:41.0062 3928 RasAcd - ok
14:13:41.0078 3928 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:13:41.0187 3928 Rasl2tp - ok
14:13:41.0218 3928 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:13:41.0296 3928 RasPppoe - ok
14:13:41.0296 3928 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:13:41.0359 3928 Raspti - ok
14:13:41.0390 3928 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:13:41.0453 3928 Rdbss - ok
14:13:41.0468 3928 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:13:41.0531 3928 RDPCDD - ok
14:13:41.0593 3928 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:13:41.0656 3928 rdpdr - ok
14:13:41.0703 3928 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:13:41.0734 3928 RDPWD - ok
14:13:41.0734 3928 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:13:41.0796 3928 redbook - ok
14:13:41.0843 3928 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:13:41.0875 3928 Secdrv - ok
14:13:41.0921 3928 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:13:41.0984 3928 Serenum - ok
14:13:42.0015 3928 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:13:42.0078 3928 Serial - ok
14:13:42.0093 3928 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:13:42.0171 3928 Sfloppy - ok
14:13:42.0203 3928 Simbad - ok
14:13:42.0218 3928 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:13:42.0281 3928 sisagp - ok
14:13:42.0328 3928 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:13:42.0359 3928 Sparrow - ok
14:13:42.0390 3928 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:13:42.0453 3928 splitter - ok
14:13:42.0468 3928 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:13:42.0500 3928 sr - ok
14:13:42.0546 3928 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:13:42.0578 3928 Srv - ok
14:13:42.0625 3928 SuperIO (05756b6a3a45db52334526f9e1fec6bc) C:\WINDOWS\system32\DRIVERS\spio.sys
14:13:42.0640 3928 SuperIO - ok
14:13:42.0687 3928 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:13:42.0750 3928 swenum - ok
14:13:42.0796 3928 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:13:42.0875 3928 swmidi - ok
14:13:42.0921 3928 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:13:42.0984 3928 symc810 - ok
14:13:42.0984 3928 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:13:43.0046 3928 symc8xx - ok
14:13:43.0062 3928 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:13:43.0125 3928 sym_hi - ok
14:13:43.0140 3928 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:13:43.0203 3928 sym_u3 - ok
14:13:43.0250 3928 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:13:43.0312 3928 sysaudio - ok
14:13:43.0359 3928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:13:43.0406 3928 Tcpip - ok
14:13:43.0437 3928 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:13:43.0500 3928 TDPIPE - ok
14:13:43.0531 3928 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:13:43.0593 3928 TDTCP - ok
14:13:43.0640 3928 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:13:43.0703 3928 TermDD - ok
14:13:43.0718 3928 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:13:43.0781 3928 TosIde - ok
14:13:43.0828 3928 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
14:13:43.0859 3928 tvtfilter - ok
14:13:43.0859 3928 TVTI2C (f2bacc1b7adfecba363275e7330ab5c1) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
14:13:43.0875 3928 TVTI2C - ok
14:13:43.0890 3928 tvtumon (930b8b8ef659a714cf1c755928b8850c) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
14:13:43.0906 3928 tvtumon - ok
14:13:43.0937 3928 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:13:44.0000 3928 Udfs - ok
14:13:44.0031 3928 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:13:44.0062 3928 ultra - ok
14:13:44.0078 3928 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:13:44.0140 3928 Update - ok
14:13:44.0156 3928 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:13:44.0218 3928 usbccgp - ok
14:13:44.0250 3928 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:13:44.0312 3928 usbehci - ok
14:13:44.0343 3928 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:13:44.0421 3928 usbhub - ok
14:13:44.0453 3928 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:13:44.0515 3928 usbprint - ok
14:13:44.0531 3928 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:13:44.0609 3928 usbscan - ok
14:13:44.0625 3928 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:13:44.0718 3928 USBSTOR - ok
14:13:44.0718 3928 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:13:44.0781 3928 usbuhci - ok
14:13:44.0796 3928 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:13:44.0859 3928 VgaSave - ok
14:13:44.0906 3928 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:13:44.0968 3928 viaagp - ok
14:13:44.0968 3928 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:13:45.0031 3928 ViaIde - ok
14:13:45.0062 3928 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:13:45.0125 3928 VolSnap - ok
14:13:45.0156 3928 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:13:45.0218 3928 Wanarp - ok
14:13:45.0218 3928 WDICA - ok
14:13:45.0265 3928 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:13:45.0343 3928 wdmaud - ok
14:13:45.0375 3928 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:13:45.0437 3928 WmiAcpi - ok
14:13:45.0468 3928 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:13:45.0531 3928 WS2IFSL - ok
14:13:45.0593 3928 yukonwxp (849494d3f85a45231744ca7470246c71) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:13:45.0625 3928 yukonwxp - ok
14:13:45.0625 3928 MBR (0x1B8) (7b3c2a5f5c219895c583fdd299dd969a) \Device\Harddisk0\DR0
14:13:45.0703 3928 \Device\Harddisk0\DR0 - ok
14:13:45.0718 3928 Boot (0x1200) (562c7e965b75b071ed91762553285e46) \Device\Harddisk0\DR0\Partition0
14:13:45.0718 3928 \Device\Harddisk0\DR0\Partition0 - ok
14:13:45.0718 3928 ============================================================
14:13:45.0718 3928 Scan finished
14:13:45.0718 3928 ============================================================
14:13:45.0828 3728 Detected object count: 2
14:13:45.0828 3728 Actual detected object count: 2
14:13:57.0515 3728 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
14:13:57.0515 3728 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
14:13:59.0453 3728 Backup copy not found, trying to cure infected file..
14:13:59.0453 3728 C:\WINDOWS\system32\DRIVERS\netbt.sys - Cure failed (FFFFFFFF)
14:13:59.0453 3728 C:\WINDOWS\system32\DRIVERS\netbt.sys - processing error
14:14:00.0671 3728 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
14:14:00.0671 3728 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
14:14:00.0671 3728 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#9
Essexboy
Posted 12 March 2012 - 03:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I can see the problem - you have no backup of netbt.sys

Download the attached zip file
[attachment=56580:netbt.zip]

Extract the file to the following location :

C:\Windows\system32\dllcache

This is a hidden system folder
So in control panel select the folder option
Mark show systems files
Remove the check from Hide protected system files
[attachment=56581:Capture.JPG]
Dllcache will then appear
[attachment=56582:Capture1.JPG]

Once it is in the cache then re-run TDSSKiller please
  • 0

#10
gltf
Posted 12 March 2012 - 04:32 PM

gltf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I cannot find that dll file. I have opened the win32 and dont see it in there
I have unhidden the files
The sys32 folder does not have a dllcache folder

Edited by gltf, 12 March 2012 - 04:36 PM.

  • 0

Advertisements

#11
Essexboy
Posted 12 March 2012 - 04:44 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you remove the check from the Hide protected system files ?

Could you then extract the netbt.sys file to you root C drive please

Then re-run Combofix and allow it to update, once the first run has completed I will then use it to replace the file cleanly
  • 0

#12
gltf
Posted 12 March 2012 - 05:05 PM

gltf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok, i found it, added it and ran combofix
Here is the reportComboFix 12-03-12.03 - TAMI LEE 03/12/2012 15:59:05.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2650 [GMT -7:00]
Running from: c:\documents and settings\TAMI LEE\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-03-12 19:35 . 2012-03-12 19:35 -------- d-----w- c:\program files\FileHippo.com
2012-03-12 18:37 . 2012-03-12 21:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-06 23:28 . 2012-03-06 23:29 -------- d-----w- C:\Combo-Fix
2012-03-06 21:34 . 2012-03-06 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3B00235E2D00006F90D151FC4E
2012-02-16 18:54 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 18:54 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 22:52 . 2008-07-21 22:49 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-26 20:10 . 2011-06-09 19:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2008-07-21 22:50 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-07-21 22:50 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-07-21 22:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-07-21 22:49 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-12_17.23.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-12 22:57 . 2012-03-12 22:57 16384 c:\windows\Temp\Perflib_Perfdata_1c0.dat
+ 2008-04-14 02:21 . 2012-03-12 22:27 162816 c:\windows\system32\dllcache\netbt.sys
+ 2012-03-12 19:34 . 2012-03-12 19:35 1271292 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MSSOverlay]
@="{b75ab0c8-03d5-4592-9821-a48d54d66b14}"
[HKEY_CLASSES_ROOT\CLSID\{b75ab0c8-03d5-4592-9821-a48d54d66b14}]
2006-05-12 15:12 65536 ----a-w- c:\windows\system32\MssShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2008-09-26 40960]
"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2009-11-06 98304]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 16851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-03-26 389120]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-04-03 72256]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"MaxBackSchedule"="c:\program files\Maxtor\MSS Backup\maxbackservice.exe" [2006-06-15 188416]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-06-05 81920]
"mssSort"="c:\program files\Maxtor\ManagerApp\msssort.exe" [2006-05-25 1396736]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\GARY\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5911896]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2011-11-9 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 5:50 PM 46144]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 3:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 5:50 PM 360448]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [3/6/2008 2:33 PM 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [11/19/2008 6:46 PM 37184]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 8:15 AM 1120752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-03-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
2012-02-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]
.
2010-05-20 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-04-13 05:45]
.
2012-03-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\TAMI LEE\Application Data\Mozilla\Firefox\Profiles\r47sru4r.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-93079440.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-12 16:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-12 16:04:22
ComboFix-quarantined-files.txt 2012-03-12 23:04
ComboFix2.txt 2012-03-12 17:58
ComboFix3.txt 2012-03-12 17:40
ComboFix4.txt 2012-03-12 17:26
.
Pre-Run: 462,575,611,904 bytes free
Post-Run: 462,689,943,552 bytes free
.
- - End Of File - - B65728E5523D3B809A304CD653DF5549
  • 0

#13
Essexboy
Posted 12 March 2012 - 05:13 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you now re-run TDSSKiller please - it should find the spare copy and do a clean replacement
  • 0

#14
gltf
Posted 12 March 2012 - 05:32 PM

gltf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok done, but I do not know if it replaced anything
It still said there was a threat but i could only skip it

16:27:17.0187 1272 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
16:27:17.0765 1272 ============================================================
16:27:17.0765 1272 Current date / time: 2012/03/12 16:27:17.0765
16:27:17.0765 1272 SystemInfo:
16:27:17.0765 1272
16:27:17.0765 1272 OS Version: 5.1.2600 ServicePack: 3.0
16:27:17.0765 1272 Product type: Workstation
16:27:17.0765 1272 ComputerName: TAMI1
16:27:17.0765 1272 UserName: TAMI LEE
16:27:17.0765 1272 Windows directory: C:\WINDOWS
16:27:17.0765 1272 System windows directory: C:\WINDOWS
16:27:17.0765 1272 Processor architecture: Intel x86
16:27:17.0765 1272 Number of processors: 2
16:27:17.0765 1272 Page size: 0x1000
16:27:17.0765 1272 Boot type: Normal boot
16:27:17.0765 1272 ============================================================
16:27:18.0968 1272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:27:18.0968 1272 \Device\Harddisk0\DR0:
16:27:18.0968 1272 MBR used
16:27:18.0968 1272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x39C6A800
16:27:19.0000 1272 Initialize success
16:27:19.0000 1272 ============================================================
16:27:24.0703 0492 ============================================================
16:27:24.0703 0492 Scan started
16:27:24.0703 0492 Mode: Manual; SigCheck; TDLFS;
16:27:24.0703 0492 ============================================================
16:27:24.0953 0492 Abiosdsk - ok
16:27:24.0984 0492 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:27:25.0125 0492 abp480n5 - ok
16:27:25.0125 0492 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:27:25.0203 0492 ACPI - ok
16:27:25.0218 0492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:27:25.0281 0492 ACPIEC - ok
16:27:25.0296 0492 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:27:25.0359 0492 adpu160m - ok
16:27:25.0421 0492 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:27:25.0484 0492 aec - ok
16:27:25.0531 0492 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:27:25.0546 0492 AFD - ok
16:27:25.0562 0492 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:27:25.0640 0492 agp440 - ok
16:27:25.0640 0492 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:27:25.0703 0492 agpCPQ - ok
16:27:25.0718 0492 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:27:25.0734 0492 Aha154x - ok
16:27:25.0765 0492 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:27:25.0843 0492 aic78u2 - ok
16:27:25.0859 0492 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:27:25.0921 0492 aic78xx - ok
16:27:25.0937 0492 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:27:26.0000 0492 AliIde - ok
16:27:26.0015 0492 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:27:26.0078 0492 alim1541 - ok
16:27:26.0093 0492 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:27:26.0156 0492 amdagp - ok
16:27:26.0171 0492 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:27:26.0218 0492 amsint - ok
16:27:26.0234 0492 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:27:26.0296 0492 Arp1394 - ok
16:27:26.0312 0492 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:27:26.0375 0492 asc - ok
16:27:26.0390 0492 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:27:26.0421 0492 asc3350p - ok
16:27:26.0421 0492 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:27:26.0484 0492 asc3550 - ok
16:27:26.0515 0492 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:27:26.0578 0492 AsyncMac - ok
16:27:26.0625 0492 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:27:26.0687 0492 atapi - ok
16:27:26.0703 0492 Atdisk - ok
16:27:26.0703 0492 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:27:26.0765 0492 Atmarpc - ok
16:27:26.0796 0492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:27:26.0875 0492 audstub - ok
16:27:26.0890 0492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:27:26.0968 0492 Beep - ok
16:27:27.0015 0492 catchme - ok
16:27:27.0062 0492 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:27:27.0125 0492 cbidf - ok
16:27:27.0125 0492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:27:27.0187 0492 cbidf2k - ok
16:27:27.0203 0492 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:27:27.0234 0492 cd20xrnt - ok
16:27:27.0265 0492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:27:27.0328 0492 Cdaudio - ok
16:27:27.0343 0492 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:27:27.0406 0492 Cdfs - ok
16:27:27.0406 0492 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:27:27.0484 0492 Cdrom - ok
16:27:27.0531 0492 Changer - ok
16:27:27.0546 0492 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:27:27.0625 0492 CmBatt - ok
16:27:27.0656 0492 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:27:27.0718 0492 CmdIde - ok
16:27:27.0734 0492 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:27:27.0796 0492 Compbatt - ok
16:27:27.0812 0492 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:27:27.0890 0492 Cpqarray - ok
16:27:27.0906 0492 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:27:27.0984 0492 dac2w2k - ok
16:27:28.0031 0492 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:27:28.0093 0492 dac960nt - ok
16:27:28.0125 0492 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:27:28.0187 0492 Disk - ok
16:27:28.0234 0492 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
16:27:28.0250 0492 DLABMFSM - ok
16:27:28.0265 0492 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
16:27:28.0265 0492 DLABOIOM - ok
16:27:28.0281 0492 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:27:28.0281 0492 DLACDBHM - ok
16:27:28.0296 0492 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS
16:27:28.0296 0492 DLADResM - ok
16:27:28.0328 0492 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
16:27:28.0343 0492 DLAIFS_M - ok
16:27:28.0343 0492 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
16:27:28.0359 0492 DLAOPIOM - ok
16:27:28.0359 0492 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
16:27:28.0359 0492 DLAPoolM - ok
16:27:28.0375 0492 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
16:27:28.0375 0492 DLARTL_M - ok
16:27:28.0390 0492 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
16:27:28.0390 0492 DLAUDFAM - ok
16:27:28.0406 0492 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
16:27:28.0406 0492 DLAUDF_M - ok
16:27:28.0468 0492 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:27:28.0546 0492 dmboot - ok
16:27:28.0609 0492 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:27:28.0687 0492 dmio - ok
16:27:28.0703 0492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:27:28.0765 0492 dmload - ok
16:27:28.0812 0492 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:27:28.0890 0492 DMusic - ok
16:27:28.0937 0492 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:27:29.0000 0492 dpti2o - ok
16:27:29.0046 0492 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:27:29.0109 0492 drmkaud - ok
16:27:29.0140 0492 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:27:29.0140 0492 DRVMCDB - ok
16:27:29.0171 0492 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:27:29.0171 0492 DRVNDDM - ok
16:27:29.0203 0492 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:27:29.0265 0492 Fastfat - ok
16:27:29.0296 0492 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:27:29.0375 0492 Fdc - ok
16:27:29.0390 0492 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:27:29.0484 0492 Fips - ok
16:27:29.0500 0492 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:27:29.0562 0492 Flpydisk - ok
16:27:29.0609 0492 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:27:29.0671 0492 FltMgr - ok
16:27:29.0671 0492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:27:29.0734 0492 Fs_Rec - ok
16:27:29.0781 0492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:27:29.0843 0492 Ftdisk - ok
16:27:29.0875 0492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:27:29.0890 0492 GEARAspiWDM - ok
16:27:29.0906 0492 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:27:29.0984 0492 Gpc - ok
16:27:30.0000 0492 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:27:30.0062 0492 HDAudBus - ok
16:27:30.0140 0492 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:27:30.0203 0492 HidUsb - ok
16:27:30.0218 0492 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:27:30.0281 0492 hpn - ok
16:27:30.0328 0492 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:27:30.0375 0492 HPZid412 - ok
16:27:30.0390 0492 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:27:30.0406 0492 HPZipr12 - ok
16:27:30.0468 0492 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:27:30.0468 0492 HPZius12 - ok
16:27:30.0515 0492 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:27:30.0531 0492 HTTP - ok
16:27:30.0578 0492 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:27:30.0656 0492 i2omgmt - ok
16:27:30.0671 0492 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:27:30.0734 0492 i2omp - ok
16:27:30.0750 0492 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:27:30.0812 0492 i8042prt - ok
16:27:30.0921 0492 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:27:31.0046 0492 ialm - ok
16:27:31.0062 0492 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:27:31.0125 0492 Imapi - ok
16:27:31.0171 0492 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:27:31.0234 0492 ini910u - ok
16:27:31.0359 0492 IntcAzAudAddService (053517d1bcadf00bedb21fb7218c8f33) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:27:31.0468 0492 IntcAzAudAddService - ok
16:27:31.0484 0492 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:27:31.0546 0492 IntelIde - ok
16:27:31.0578 0492 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:27:31.0640 0492 intelppm - ok
16:27:31.0671 0492 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:27:31.0734 0492 Ip6Fw - ok
16:27:31.0750 0492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:27:31.0843 0492 IpFilterDriver - ok
16:27:31.0859 0492 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:27:31.0921 0492 IpInIp - ok
16:27:31.0953 0492 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:27:32.0031 0492 IpNat - ok
16:27:32.0046 0492 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:27:32.0125 0492 IPSec - ok
16:27:32.0125 0492 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:27:32.0156 0492 IRENUM - ok
16:27:32.0187 0492 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:27:32.0250 0492 isapnp - ok
16:27:32.0281 0492 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:27:32.0359 0492 Kbdclass - ok
16:27:32.0390 0492 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:27:32.0453 0492 kbdhid - ok
16:27:32.0453 0492 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:27:32.0531 0492 kmixer - ok
16:27:32.0546 0492 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:27:32.0593 0492 KSecDD - ok
16:27:32.0609 0492 lbrtfdc - ok
16:27:32.0640 0492 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:27:32.0703 0492 mnmdd - ok
16:27:32.0734 0492 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:27:32.0796 0492 Modem - ok
16:27:32.0828 0492 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:27:32.0890 0492 Mouclass - ok
16:27:32.0906 0492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:27:32.0968 0492 mouhid - ok
16:27:33.0000 0492 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:27:33.0093 0492 MountMgr - ok
16:27:33.0093 0492 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:27:33.0156 0492 mraid35x - ok
16:27:33.0187 0492 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:27:33.0265 0492 MRxDAV - ok
16:27:33.0281 0492 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:27:33.0312 0492 MRxSmb - ok
16:27:33.0343 0492 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:27:33.0406 0492 Msfs - ok
16:27:33.0453 0492 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:27:33.0515 0492 MSKSSRV - ok
16:27:33.0515 0492 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:27:33.0593 0492 MSPCLOCK - ok
16:27:33.0593 0492 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:27:33.0671 0492 MSPQM - ok
16:27:33.0734 0492 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:27:33.0796 0492 mssmbios - ok
16:27:33.0859 0492 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:27:33.0890 0492 Mup - ok
16:27:33.0921 0492 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:27:33.0984 0492 NDIS - ok
16:27:34.0031 0492 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:27:34.0046 0492 NdisTapi - ok
16:27:34.0078 0492 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:27:34.0156 0492 Ndisuio - ok
16:27:34.0187 0492 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:27:34.0281 0492 NdisWan - ok
16:27:34.0328 0492 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:27:34.0359 0492 NDProxy - ok
16:27:34.0390 0492 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:27:34.0453 0492 NetBIOS - ok
16:27:34.0468 0492 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:27:34.0531 0492 NetBT - ok
16:27:34.0578 0492 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:27:34.0640 0492 NIC1394 - ok
16:27:34.0656 0492 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:27:34.0718 0492 Npfs - ok
16:27:34.0765 0492 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:27:34.0828 0492 Ntfs - ok
16:27:34.0859 0492 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:27:34.0921 0492 Null - ok
16:27:34.0984 0492 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:27:35.0046 0492 NwlnkFlt - ok
16:27:35.0046 0492 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:27:35.0109 0492 NwlnkFwd - ok
16:27:35.0140 0492 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:27:35.0203 0492 ohci1394 - ok
16:27:35.0218 0492 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:27:35.0296 0492 Parport - ok
16:27:35.0312 0492 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:27:35.0375 0492 PartMgr - ok
16:27:35.0390 0492 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:27:35.0453 0492 ParVdm - ok
16:27:35.0500 0492 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:27:35.0562 0492 PCI - ok
16:27:35.0578 0492 PCIDump - ok
16:27:35.0593 0492 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:27:35.0656 0492 PCIIde - ok
16:27:35.0687 0492 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:27:35.0750 0492 Pcmcia - ok
16:27:35.0750 0492 PDCOMP - ok
16:27:35.0765 0492 PDFRAME - ok
16:27:35.0765 0492 PDRELI - ok
16:27:35.0781 0492 PDRFRAME - ok
16:27:35.0812 0492 pelmouse (b4d92797d295807d6739637538d01ccb) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
16:27:35.0828 0492 pelmouse - ok
16:27:35.0843 0492 pelusblf (d599661a3957de82aed3842cf9a669d6) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
16:27:35.0843 0492 pelusblf - ok
16:27:35.0859 0492 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:27:35.0921 0492 perc2 - ok
16:27:35.0937 0492 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:27:36.0000 0492 perc2hib - ok
16:27:36.0062 0492 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
16:27:36.0062 0492 pmem ( UnsignedFile.Multi.Generic ) - warning
16:27:36.0062 0492 pmem - detected UnsignedFile.Multi.Generic (1)
16:27:36.0109 0492 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:27:36.0203 0492 PptpMiniport - ok
16:27:36.0234 0492 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
16:27:36.0234 0492 psadd - ok
16:27:36.0250 0492 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:27:36.0328 0492 PSched - ok
16:27:36.0328 0492 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:27:36.0390 0492 Ptilink - ok
16:27:36.0421 0492 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:27:36.0421 0492 PxHelp20 - ok
16:27:36.0453 0492 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:27:36.0515 0492 ql1080 - ok
16:27:36.0515 0492 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:27:36.0593 0492 Ql10wnt - ok
16:27:36.0609 0492 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:27:36.0687 0492 ql12160 - ok
16:27:36.0687 0492 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:27:36.0765 0492 ql1240 - ok
16:27:36.0765 0492 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:27:36.0828 0492 ql1280 - ok
16:27:36.0859 0492 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:27:36.0921 0492 RasAcd - ok
16:27:36.0921 0492 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:27:36.0984 0492 Rasl2tp - ok
16:27:37.0031 0492 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:27:37.0093 0492 RasPppoe - ok
16:27:37.0093 0492 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:27:37.0156 0492 Raspti - ok
16:27:37.0187 0492 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:27:37.0250 0492 Rdbss - ok
16:27:37.0250 0492 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:27:37.0312 0492 RDPCDD - ok
16:27:37.0375 0492 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:27:37.0437 0492 rdpdr - ok
16:27:37.0484 0492 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:27:37.0500 0492 RDPWD - ok
16:27:37.0515 0492 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:27:37.0578 0492 redbook - ok
16:27:37.0609 0492 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:27:37.0640 0492 Secdrv - ok
16:27:37.0671 0492 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:27:37.0734 0492 Serenum - ok
16:27:37.0750 0492 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:27:37.0812 0492 Serial - ok
16:27:37.0828 0492 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:27:37.0906 0492 Sfloppy - ok
16:27:37.0921 0492 Simbad - ok
16:27:37.0937 0492 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:27:38.0000 0492 sisagp - ok
16:27:38.0046 0492 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:27:38.0078 0492 Sparrow - ok
16:27:38.0109 0492 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:27:38.0171 0492 splitter - ok
16:27:38.0187 0492 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:27:38.0218 0492 sr - ok
16:27:38.0250 0492 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:27:38.0281 0492 Srv - ok
16:27:38.0328 0492 SuperIO (05756b6a3a45db52334526f9e1fec6bc) C:\WINDOWS\system32\DRIVERS\spio.sys
16:27:38.0343 0492 SuperIO - ok
16:27:38.0375 0492 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:27:38.0437 0492 swenum - ok
16:27:38.0468 0492 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:27:38.0546 0492 swmidi - ok
16:27:38.0578 0492 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:27:38.0640 0492 symc810 - ok
16:27:38.0703 0492 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:27:38.0765 0492 symc8xx - ok
16:27:38.0781 0492 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:27:38.0843 0492 sym_hi - ok
16:27:38.0859 0492 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:27:38.0921 0492 sym_u3 - ok
16:27:38.0968 0492 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:27:39.0031 0492 sysaudio - ok
16:27:39.0109 0492 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:27:39.0125 0492 Tcpip - ok
16:27:39.0156 0492 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:27:39.0218 0492 TDPIPE - ok
16:27:39.0218 0492 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:27:39.0296 0492 TDTCP - ok
16:27:39.0328 0492 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:27:39.0390 0492 TermDD - ok
16:27:39.0406 0492 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:27:39.0468 0492 TosIde - ok
16:27:39.0515 0492 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
16:27:39.0546 0492 tvtfilter - ok
16:27:39.0546 0492 TVTI2C (f2bacc1b7adfecba363275e7330ab5c1) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
16:27:39.0562 0492 TVTI2C - ok
16:27:39.0578 0492 tvtumon (930b8b8ef659a714cf1c755928b8850c) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
16:27:39.0593 0492 tvtumon - ok
16:27:39.0625 0492 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:27:39.0687 0492 Udfs - ok
16:27:39.0703 0492 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:27:39.0734 0492 ultra - ok
16:27:39.0750 0492 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:27:39.0828 0492 Update - ok
16:27:39.0843 0492 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:27:39.0906 0492 usbccgp - ok
16:27:39.0921 0492 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:27:40.0015 0492 usbehci - ok
16:27:40.0046 0492 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:27:40.0125 0492 usbhub - ok
16:27:40.0156 0492 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:27:40.0234 0492 usbprint - ok
16:27:40.0250 0492 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:27:40.0312 0492 usbscan - ok
16:27:40.0328 0492 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:27:40.0406 0492 USBSTOR - ok
16:27:40.0406 0492 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:27:40.0468 0492 usbuhci - ok
16:27:40.0484 0492 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:27:40.0546 0492 VgaSave - ok
16:27:40.0562 0492 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:27:40.0625 0492 viaagp - ok
16:27:40.0640 0492 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:27:40.0703 0492 ViaIde - ok
16:27:40.0734 0492 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:27:40.0796 0492 VolSnap - ok
16:27:40.0812 0492 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:27:40.0875 0492 Wanarp - ok
16:27:40.0875 0492 WDICA - ok
16:27:40.0921 0492 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:27:41.0000 0492 wdmaud - ok
16:27:41.0015 0492 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:27:41.0093 0492 WmiAcpi - ok
16:27:41.0109 0492 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:27:41.0171 0492 WS2IFSL - ok
16:27:41.0203 0492 yukonwxp (849494d3f85a45231744ca7470246c71) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
16:27:41.0234 0492 yukonwxp - ok
16:27:41.0250 0492 MBR (0x1B8) (7b3c2a5f5c219895c583fdd299dd969a) \Device\Harddisk0\DR0
16:27:41.0312 0492 \Device\Harddisk0\DR0 - ok
16:27:41.0343 0492 Boot (0x1200) (562c7e965b75b071ed91762553285e46) \Device\Harddisk0\DR0\Partition0
16:27:41.0343 0492 \Device\Harddisk0\DR0\Partition0 - ok
16:27:41.0343 0492 ============================================================
16:27:41.0343 0492 Scan finished
16:27:41.0343 0492 ============================================================
16:27:41.0453 2912 Detected object count: 1
16:27:41.0453 2912 Actual detected object count: 1
16:27:54.0921 2912 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:54.0921 2912 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:59.0312 2784 ============================================================
16:27:59.0312 2784 Scan started
16:27:59.0312 2784 Mode: Manual; SigCheck; TDLFS;
16:27:59.0312 2784 ============================================================
16:27:59.0531 2784 Abiosdsk - ok
16:27:59.0562 2784 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:27:59.0609 2784 abp480n5 - ok
16:27:59.0625 2784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:27:59.0703 2784 ACPI - ok
16:27:59.0703 2784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:27:59.0765 2784 ACPIEC - ok
16:27:59.0812 2784 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:27:59.0875 2784 adpu160m - ok
16:27:59.0890 2784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:27:59.0953 2784 aec - ok
16:28:00.0000 2784 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:28:00.0015 2784 AFD - ok
16:28:00.0015 2784 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:28:00.0093 2784 agp440 - ok
16:28:00.0093 2784 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:28:00.0156 2784 agpCPQ - ok
16:28:00.0171 2784 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:28:00.0187 2784 Aha154x - ok
16:28:00.0203 2784 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:28:00.0265 2784 aic78u2 - ok
16:28:00.0265 2784 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:28:00.0343 2784 aic78xx - ok
16:28:00.0359 2784 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:28:00.0421 2784 AliIde - ok
16:28:00.0421 2784 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:28:00.0484 2784 alim1541 - ok
16:28:00.0500 2784 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:28:00.0562 2784 amdagp - ok
16:28:00.0562 2784 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:28:00.0593 2784 amsint - ok
16:28:00.0609 2784 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:28:00.0671 2784 Arp1394 - ok
16:28:00.0671 2784 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:28:00.0734 2784 asc - ok
16:28:00.0750 2784 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:28:00.0781 2784 asc3350p - ok
16:28:00.0781 2784 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:28:00.0843 2784 asc3550 - ok
16:28:00.0875 2784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:28:00.0937 2784 AsyncMac - ok
16:28:00.0953 2784 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:28:01.0015 2784 atapi - ok
16:28:01.0031 2784 Atdisk - ok
16:28:01.0031 2784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:28:01.0093 2784 Atmarpc - ok
16:28:01.0125 2784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:28:01.0187 2784 audstub - ok
16:28:01.0203 2784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:28:01.0265 2784 Beep - ok
16:28:01.0312 2784 catchme - ok
16:28:01.0359 2784 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:28:01.0421 2784 cbidf - ok
16:28:01.0421 2784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:28:01.0484 2784 cbidf2k - ok
16:28:01.0500 2784 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:28:01.0531 2784 cd20xrnt - ok
16:28:01.0531 2784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:28:01.0593 2784 Cdaudio - ok
16:28:01.0625 2784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:28:01.0687 2784 Cdfs - ok
16:28:01.0687 2784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:28:01.0750 2784 Cdrom - ok
16:28:01.0765 2784 Changer - ok
16:28:01.0796 2784 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:28:01.0859 2784 CmBatt - ok
16:28:01.0875 2784 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:28:01.0937 2784 CmdIde - ok
16:28:01.0937 2784 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:28:02.0000 2784 Compbatt - ok
16:28:02.0015 2784 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:28:02.0078 2784 Cpqarray - ok
16:28:02.0093 2784 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:28:02.0156 2784 dac2w2k - ok
16:28:02.0156 2784 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:28:02.0218 2784 dac960nt - ok
16:28:02.0234 2784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:28:02.0296 2784 Disk - ok
16:28:02.0328 2784 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
16:28:02.0343 2784 DLABMFSM - ok
16:28:02.0343 2784 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
16:28:02.0343 2784 DLABOIOM - ok
16:28:02.0359 2784 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:28:02.0359 2784 DLACDBHM - ok
16:28:02.0375 2784 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS
16:28:02.0375 2784 DLADResM - ok
16:28:02.0375 2784 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
16:28:02.0390 2784 DLAIFS_M - ok
16:28:02.0390 2784 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
16:28:02.0406 2784 DLAOPIOM - ok
16:28:02.0406 2784 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
16:28:02.0406 2784 DLAPoolM - ok
16:28:02.0421 2784 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
16:28:02.0421 2784 DLARTL_M - ok
16:28:02.0437 2784 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
16:28:02.0437 2784 DLAUDFAM - ok
16:28:02.0437 2784 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
16:28:02.0453 2784 DLAUDF_M - ok
16:28:02.0484 2784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:28:02.0562 2784 dmboot - ok
16:28:02.0562 2784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:28:02.0640 2784 dmio - ok
16:28:02.0640 2784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:28:02.0703 2784 dmload - ok
16:28:02.0750 2784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:28:02.0812 2784 DMusic - ok
16:28:02.0843 2784 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:28:02.0906 2784 dpti2o - ok
16:28:02.0906 2784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:28:02.0968 2784 drmkaud - ok
16:28:03.0000 2784 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:28:03.0015 2784 DRVMCDB - ok
16:28:03.0015 2784 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:28:03.0031 2784 DRVNDDM - ok
16:28:03.0046 2784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:28:03.0109 2784 Fastfat - ok
16:28:03.0156 2784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:28:03.0218 2784 Fdc - ok
16:28:03.0234 2784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:28:03.0296 2784 Fips - ok
16:28:03.0312 2784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:28:03.0375 2784 Flpydisk - ok
16:28:03.0375 2784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:28:03.0453 2784 FltMgr - ok
16:28:03.0468 2784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:28:03.0531 2784 Fs_Rec - ok
16:28:03.0546 2784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:28:03.0609 2784 Ftdisk - ok
16:28:03.0656 2784 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:28:03.0656 2784 GEARAspiWDM - ok
16:28:03.0671 2784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:28:03.0750 2784 Gpc - ok
16:28:03.0765 2784 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:28:03.0843 2784 HDAudBus - ok
16:28:03.0859 2784 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:28:03.0921 2784 HidUsb - ok
16:28:03.0953 2784 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:28:04.0015 2784 hpn - ok
16:28:04.0031 2784 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:28:04.0046 2784 HPZid412 - ok
16:28:04.0078 2784 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:28:04.0093 2784 HPZipr12 - ok
16:28:04.0109 2784 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:28:04.0125 2784 HPZius12 - ok
16:28:04.0171 2784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:28:04.0171 2784 HTTP - ok
16:28:04.0203 2784 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:28:04.0265 2784 i2omgmt - ok
16:28:04.0281 2784 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:28:04.0343 2784 i2omp - ok
16:28:04.0359 2784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:28:04.0421 2784 i8042prt - ok
16:28:04.0546 2784 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:28:04.0656 2784 ialm - ok
16:28:04.0671 2784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:28:04.0734 2784 Imapi - ok
16:28:04.0750 2784 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:28:04.0812 2784 ini910u - ok
16:28:04.0921 2784 IntcAzAudAddService (053517d1bcadf00bedb21fb7218c8f33) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:28:05.0031 2784 IntcAzAudAddService - ok
16:28:05.0046 2784 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:28:05.0109 2784 IntelIde - ok
16:28:05.0125 2784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:28:05.0187 2784 intelppm - ok
16:28:05.0203 2784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:28:05.0265 2784 Ip6Fw - ok
16:28:05.0281 2784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:28:05.0359 2784 IpFilterDriver - ok
16:28:05.0359 2784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:28:05.0421 2784 IpInIp - ok
16:28:05.0437 2784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:28:05.0500 2784 IpNat - ok
16:28:05.0515 2784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:28:05.0578 2784 IPSec - ok
16:28:05.0593 2784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:28:05.0625 2784 IRENUM - ok
16:28:05.0671 2784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:28:05.0734 2784 isapnp - ok
16:28:05.0765 2784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:28:05.0828 2784 Kbdclass - ok
16:28:05.0859 2784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:28:05.0937 2784 kbdhid - ok
16:28:05.0937 2784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:28:06.0000 2784 kmixer - ok
16:28:06.0015 2784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:28:06.0031 2784 KSecDD - ok
16:28:06.0046 2784 lbrtfdc - ok
16:28:06.0062 2784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:28:06.0125 2784 mnmdd - ok
16:28:06.0140 2784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:28:06.0203 2784 Modem - ok
16:28:06.0218 2784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:28:06.0281 2784 Mouclass - ok
16:28:06.0296 2784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:28:06.0359 2784 mouhid - ok
16:28:06.0375 2784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:28:06.0437 2784 MountMgr - ok
16:28:06.0468 2784 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:28:06.0531 2784 mraid35x - ok
16:28:06.0531 2784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:28:06.0593 2784 MRxDAV - ok
16:28:06.0625 2784 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:28:06.0640 2784 MRxSmb - ok
16:28:06.0656 2784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:28:06.0718 2784 Msfs - ok
16:28:06.0750 2784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:28:06.0812 2784 MSKSSRV - ok
16:28:06.0812 2784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:28:06.0875 2784 MSPCLOCK - ok
16:28:06.0890 2784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:28:06.0953 2784 MSPQM - ok
16:28:06.0968 2784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:28:07.0031 2784 mssmbios - ok
16:28:07.0078 2784 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:28:07.0078 2784 Mup - ok
16:28:07.0093 2784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:28:07.0156 2784 NDIS - ok
16:28:07.0203 2784 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:28:07.0203 2784 NdisTapi - ok
16:28:07.0218 2784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:28:07.0281 2784 Ndisuio - ok
16:28:07.0281 2784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:28:07.0343 2784 NdisWan - ok
16:28:07.0406 2784 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:28:07.0406 2784 NDProxy - ok
16:28:07.0421 2784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:28:07.0468 2784 NetBIOS - ok
16:28:07.0500 2784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:28:07.0562 2784 NetBT - ok
16:28:07.0609 2784 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:28:07.0671 2784 NIC1394 - ok
16:28:07.0687 2784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:28:07.0750 2784 Npfs - ok
16:28:07.0781 2784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:28:07.0843 2784 Ntfs - ok
16:28:07.0875 2784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:28:07.0937 2784 Null - ok
16:28:07.0968 2784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:28:08.0031 2784 NwlnkFlt - ok
16:28:08.0031 2784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:28:08.0093 2784 NwlnkFwd - ok
16:28:08.0109 2784 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:28:08.0171 2784 ohci1394 - ok
16:28:08.0187 2784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:28:08.0250 2784 Parport - ok
16:28:08.0265 2784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:28:08.0328 2784 PartMgr - ok
16:28:08.0343 2784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:28:08.0406 2784 ParVdm - ok
16:28:08.0437 2784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:28:08.0500 2784 PCI - ok
16:28:08.0500 2784 PCIDump - ok
16:28:08.0515 2784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:28:08.0578 2784 PCIIde - ok
16:28:08.0593 2784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:28:08.0671 2784 Pcmcia - ok
16:28:08.0671 2784 PDCOMP - ok
16:28:08.0671 2784 PDFRAME - ok
16:28:08.0687 2784 PDRELI - ok
16:28:08.0687 2784 PDRFRAME - ok
16:28:08.0734 2784 pelmouse (b4d92797d295807d6739637538d01ccb) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
16:28:08.0734 2784 pelmouse - ok
16:28:08.0734 2784 pelusblf (d599661a3957de82aed3842cf9a669d6) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
16:28:08.0750 2784 pelusblf - ok
16:28:08.0781 2784 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:28:08.0843 2784 perc2 - ok
16:28:08.0843 2784 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:28:08.0906 2784 perc2hib - ok
16:28:08.0968 2784 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
16:28:08.0968 2784 pmem ( UnsignedFile.Multi.Generic ) - warning
16:28:08.0968 2784 pmem - detected UnsignedFile.Multi.Generic (1)
16:28:09.0015 2784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:28:09.0078 2784 PptpMiniport - ok
16:28:09.0093 2784 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
16:28:09.0109 2784 psadd - ok
16:28:09.0109 2784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:28:09.0171 2784 PSched - ok
16:28:09.0171 2784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:28:09.0234 2784 Ptilink - ok
16:28:09.0281 2784 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:28:09.0281 2784 PxHelp20 - ok
16:28:09.0312 2784 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:28:09.0375 2784 ql1080 - ok
16:28:09.0375 2784 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:28:09.0437 2784 Ql10wnt - ok
16:28:09.0468 2784 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:28:09.0531 2784 ql12160 - ok
16:28:09.0546 2784 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:28:09.0609 2784 ql1240 - ok
16:28:09.0609 2784 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:28:09.0671 2784 ql1280 - ok
16:28:09.0703 2784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:28:09.0750 2784 RasAcd - ok
16:28:09.0765 2784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:28:09.0828 2784 Rasl2tp - ok
16:28:09.0843 2784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:28:09.0906 2784 RasPppoe - ok
16:28:09.0921 2784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:28:09.0984 2784 Raspti - ok
16:28:10.0015 2784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:28:10.0078 2784 Rdbss - ok
16:28:10.0078 2784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:28:10.0140 2784 RDPCDD - ok
16:28:10.0156 2784 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:28:10.0218 2784 rdpdr - ok
16:28:10.0265 2784 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:28:10.0281 2784 RDPWD - ok
16:28:10.0296 2784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:28:10.0359 2784 redbook - ok
16:28:10.0390 2784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:28:10.0421 2784 Secdrv - ok
16:28:10.0453 2784 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:28:10.0515 2784 Serenum - ok
16:28:10.0531 2784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:28:10.0593 2784 Serial - ok
16:28:10.0609 2784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:28:10.0671 2784 Sfloppy - ok
16:28:10.0687 2784 Simbad - ok
16:28:10.0703 2784 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:28:10.0765 2784 sisagp - ok
16:28:10.0796 2784 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:28:10.0828 2784 Sparrow - ok
16:28:10.0843 2784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:28:10.0906 2784 splitter - ok
16:28:10.0921 2784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:28:10.0953 2784 sr - ok
16:28:10.0984 2784 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:28:11.0000 2784 Srv - ok
16:28:11.0031 2784 SuperIO (05756b6a3a45db52334526f9e1fec6bc) C:\WINDOWS\system32\DRIVERS\spio.sys
16:28:11.0046 2784 SuperIO - ok
16:28:11.0062 2784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:28:11.0125 2784 swenum - ok
16:28:11.0156 2784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:28:11.0218 2784 swmidi - ok
16:28:11.0250 2784 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:28:11.0296 2784 symc810 - ok
16:28:11.0312 2784 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:28:11.0375 2784 symc8xx - ok
16:28:11.0390 2784 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:28:11.0453 2784 sym_hi - ok
16:28:11.0468 2784 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:28:11.0531 2784 sym_u3 - ok
16:28:11.0578 2784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:28:11.0640 2784 sysaudio - ok
16:28:11.0703 2784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:28:11.0703 2784 Tcpip - ok
16:28:11.0750 2784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:28:11.0812 2784 TDPIPE - ok
16:28:11.0812 2784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:28:11.0875 2784 TDTCP - ok
16:28:11.0906 2784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:28:11.0968 2784 TermDD - ok
16:28:11.0984 2784 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:28:12.0046 2784 TosIde - ok
16:28:12.0078 2784 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
16:28:12.0078 2784 tvtfilter - ok
16:28:12.0109 2784 TVTI2C (f2bacc1b7adfecba363275e7330ab5c1) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
16:28:12.0109 2784 TVTI2C - ok
16:28:12.0125 2784 tvtumon (930b8b8ef659a714cf1c755928b8850c) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
16:28:12.0140 2784 tvtumon - ok
16:28:12.0140 2784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:28:12.0218 2784 Udfs - ok
16:28:12.0234 2784 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:28:12.0265 2784 ultra - ok
16:28:12.0281 2784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:28:12.0343 2784 Update - ok
16:28:12.0421 2784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:28:12.0484 2784 usbccgp - ok
16:28:12.0500 2784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:28:12.0562 2784 usbehci - ok
16:28:12.0578 2784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:28:12.0640 2784 usbhub - ok
16:28:12.0687 2784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:28:12.0750 2784 usbprint - ok
16:28:12.0765 2784 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:28:12.0843 2784 usbscan - ok
16:28:12.0843 2784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:28:12.0906 2784 USBSTOR - ok
16:28:12.0921 2784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:28:12.0984 2784 usbuhci - ok
16:28:13.0046 2784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:28:13.0109 2784 VgaSave - ok
16:28:13.0140 2784 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:28:13.0203 2784 viaagp - ok
16:28:13.0218 2784 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:28:13.0265 2784 ViaIde - ok
16:28:13.0296 2784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:28:13.0359 2784 VolSnap - ok
16:28:13.0375 2784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:28:13.0437 2784 Wanarp - ok
16:28:13.0453 2784 WDICA - ok
16:28:13.0484 2784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:28:13.0546 2784 wdmaud - ok
16:28:13.0578 2784 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:28:13.0640 2784 WmiAcpi - ok
16:28:13.0687 2784 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:28:13.0750 2784 WS2IFSL - ok
16:28:13.0781 2784 yukonwxp (849494d3f85a45231744ca7470246c71) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
16:28:13.0796 2784 yukonwxp - ok
16:28:13.0828 2784 MBR (0x1B8) (7b3c2a5f5c219895c583fdd299dd969a) \Device\Harddisk0\DR0
16:28:13.0890 2784 \Device\Harddisk0\DR0 - ok
16:28:13.0906 2784 Boot (0x1200) (562c7e965b75b071ed91762553285e46) \Device\Harddisk0\DR0\Partition0
16:28:13.0906 2784 \Device\Harddisk0\DR0\Partition0 - ok
16:28:13.0906 2784 ============================================================
16:28:13.0906 2784 Scan finished
16:28:13.0906 2784 ============================================================
16:28:13.0921 2956 Detected object count: 1
16:28:13.0921 2956 Actual detected object count: 1
16:28:17.0078 2956 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
16:28:17.0078 2956 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#15
gltf
Posted 12 March 2012 - 05:41 PM

gltf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
the computer can connect with the network now
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP