Boot to black screen with cursor [Solved]


  • This topic is locked

#16
Jhackofalltrades

    Member

  • Topic Starter
  • 71 posts
I'm sorry, it's the Home Edition.
  • 0


#17
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Do you think you could borrow an XP Professional CD?
  • 0

#18
Jhackofalltrades

    Member

  • Topic Starter
  • 71 posts
I don't know anybody with Professional. I'll ask around, but I'm not confident of my ability to get a disk.
  • 0

#19
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Could you tell me the model number and manufacturer of your PC?
  • 0

#20
Jhackofalltrades

    Member

  • Topic Starter
  • 71 posts
It's not a standard box. I'll have to track down the specs or start looking for part numbers. Between work and the holidays, this might take a bit, please don't close the thread. Do you want more than motherboard, HD, and processor?
  • 0

#21
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
You can hold that for now. I was mainly interested if it was from a major manufacturer. I have another idea coming soon.
  • 0

#22
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Let's try a restore point. We'll restore your computer to a point before the crash and see if it will boot. This may bring back the infection. Please don't try to fix it yourself, but follow the directions below.

Step 1: Run FRST.

  • Please copy the attached "fixlist.txt" file to your flash drive.
  • Please boot your computer with the CD as before.
  • Insert the flash drive with FRST on it.
  • Locate the flash drive and run FRST.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply.

If your computer will boot now, please follow the next steps.

Step 2: Run OTL.

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Step 3: Run TDSSKiller. Please do not delete anything.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


  • 0

#23
Jhackofalltrades

    Member

  • Topic Starter
  • 71 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-12-2012
Ran by SYSTEM at 2012-12-26 02:31:20 Run:2
Running from E:\

==============================================

SAM hive was successfully restored from Restore Point.
SECURITY hive was successfully restored from Restore Point.
Software hive was successfully restored from Restore Point.
System hive was successfully restored from Restore Point.
Default hive was successfully restored from Restore Point.

==== End of Fixlog ====

Booted disk with some difficulty. I don't know why, but sometimes it doesn't seem to want to read the CD that the REATOGO PE is on. I try various settings, but chance, luck, or voodoo seem to factor in somehow.

I ran FRST, fixlog.txt is above. Ejected CD from habit, realized mistake, put it back in. Tried to reboot, computer seemed locked up. Did a hard restart. Computer failed to boot normally.

Hardware specs if needed.

Mobo has this serial number on it MSI K9N6SGM-V and looks like the pic here http://reviews.cnet....7-32149344.html

Hard drive is this one Western Digital WD AV-GP WD5000AUDX 500GB IntelliPower 32MB Cache SATA 6.0Gb/s 3.5" Internal Hard Drive -Bare Drive
  • 0

#24
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

I ran FRST, fixlog.txt is above. Ejected CD from habit, realized mistake, put it back in. Tried to reboot, computer seemed locked up. Did a hard restart. Computer failed to boot normally.


Just to be clear, you can't boot into normal mode, right?
  • 0

#25
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Could you please boot the system from the CD once more, run FRST again, and press "Scan" to get me a fresh log.

  • 0


#26
Jhackofalltrades

    Member

  • Topic Starter
  • 71 posts
You were correct, the machine didn't read the hard drive when it tried to boot. Or at least, it would skip over the hard drive like it skipped over the empty CD.

My FRST has different click-box options than the picture given, this first scan is with whitelist checked for registry, services, drivers, known dlls, drivers md5, list files and folders, and list partitions.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2012 (ATTENTION: FRST version is 16 days old)
Ran by SYSTEM at 27-12-2012 08:08:25
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet004

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2007-07-23] (AMD)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1037736 2007-08-31] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Administrator\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Administrator\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Administrator.DILBERT\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Administrator.DILBERT\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Administrator.DILBERT\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-04] (Nero AG)
HKU\Administrator.DILBERT.000\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Administrator.DILBERT.000\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Administrator.DILBERT.000\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-04] (Nero AG)
HKU\Default User\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Default User\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-04] (Nero AG)
HKU\Karen\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-10-25] (Google Inc.)
HKU\Karen\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2006-02-28] (Microsoft Corporation)
HKU\Philip\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-10-25] (Google Inc.)
HKU\Philip\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2006-02-28] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
ShortcutTarget: JL Alpine Advent Calendar.lnk -> C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()
Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Rainlendar.lnk
ShortcutTarget: Rainlendar.lnk -> C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
Startup: C:\Documents and Settings\Philip\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
ShortcutTarget: JL Alpine Advent Calendar.lnk -> C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()

==================== Services (Whitelisted) ===================

2 AdvancedSystemCareService; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [353168 2011-05-28] (IObit)
3 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [10328 2004-10-20] (America Online)
3 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-12-20] ()
2 Eventlog; C:\Windows\System32\services.exe [108032 2006-02-28] (Microsoft Corporation)
2 gupdate1c9d63b43a5d208; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-05-16] (Google Inc.)
2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
2 PCToolsFirewallPlus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [146800 2008-12-11] (PC Tools)
2 SLService; slserv.exe [57344 2004-08-24] ( )
2 AGCoreService; "C:\Program Files\AGI\core\3.2\AGCoreService.exe" [x]
2 AGWinService; "C:\Program Files\AGI\common\win32\PythonService.exe" [x]
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 gmgbkn; C:\WINDOWS\system32\nacwba.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
2 jkndrponl; C:\WINDOWS\system32\nacwba.dll [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 znsvfc; C:\WINDOWS\system32\nacwba.dll [x]
2 zzquasiif; C:\WINDOWS\system32\nacwba.dll [x]

==================== Drivers (Whitelisted) ====================

3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7412736 2011-10-25] (ATI Technologies Inc.)
1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()
3 FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [246816 2012-01-05] (IObit)
3 HdAudAddService; C:\Windows\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [19345 2007-09-28] (Motive, Inc.)
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [18003 2007-09-28] (Motive, Inc.)
3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [229720 2004-08-24] ( )
3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [1395376 2004-08-24] ( )
3 MySQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL [8992 2010-10-21] ()
3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation)
3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
2 PCTAppEvent; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys [73840 2009-05-13] (PC Tools)
1 pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys [159600 2008-12-11] (PC Tools)
3 pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys [95640 2009-05-13] (PC Tools)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [14896 2010-05-28] (Secunia)
0 RecAgent; C:\Windows\System32\DRIVERS\RecAgent.sys [14520 2004-08-24] ( )
3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [30408 2012-07-05] (IObit.com)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2006-02-28] ()
3 SFilter; C:\Windows\System32\DRIVERS\pctfw.sys [97408 2008-09-22] (PC Tools)
3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [650632 2004-08-24] ( )
3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [100240 2004-08-24] ( )
3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [13216 2004-08-24] ( )
3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [16248 2012-07-05] (IObit.com)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2012-03-02] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2012-03-02] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2012-03-02] (LG Electronics Inc.)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\DOCUME~1\Philip\LOCALS~1\Temp\catchme.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
1 lbrtfdc; [x]
3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [x]
3 MEMSWEEP2; \??\C:\WINDOWS\system32\3.tmp [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
3 TfKbMon; C:\Windows\System32\Drivers\TfKbMon.sys [x]
3 TlntSvr; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: gmgbkn -> C:\WINDOWS\system32\nacwba.dll ==> No File.
NETSVC: znsvfc -> C:\WINDOWS\system32\nacwba.dll ==> No File.
NETSVC: jkndrponl -> C:\WINDOWS\system32\nacwba.dll ==> No File.
NETSVC: zzquasiif -> C:\WINDOWS\system32\nacwba.dll ==> No File.

==================== One Month Created Files and Folders ========

2012-12-18 06:11 - 2012-12-18 06:11 - 00000000 ____D C:\FRST
2012-12-12 04:40 - 2012-12-12 04:40 - 00003014 ____N C:\bootex.log
2012-12-12 02:39 - 2012-12-12 02:39 - 00098992 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\75266986.sys
2012-12-12 02:34 - 2012-12-12 02:36 - 00111872 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-12-12 02:34 - 2012-12-12 02:35 - 00001818 ____A C:\Documents and Settings\Philip\Desktop\Rkill.txt
2012-12-12 02:34 - 2012-12-12 02:34 - 00000000 ____D C:\Documents and Settings\Philip\Desktop\RK_Quarantine
2012-12-12 01:19 - 2012-12-12 01:21 - 00000000 ____D C:\Windows\tmp1
2012-12-12 01:05 - 2012-12-12 01:05 - 00002940 ____A C:\Windows\KB2758857.log
2012-12-12 01:05 - 2012-12-12 01:05 - 00002771 ____A C:\Windows\KB2753842.log
2012-12-12 00:26 - 2012-12-12 00:26 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2012-12-12 00:26 - 2012-12-12 00:26 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-12-12 00:25 - 2012-12-12 00:25 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2012-12-11 04:35 - 2012-12-11 04:35 - 00000000 ____D C:\Documents and Settings\Philip\Application Data\JLAdventCalendarAlpine2012
2012-12-10 05:55 - 2012-12-10 07:07 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\SecondLife
2012-12-10 05:55 - 2012-12-10 05:55 - 00000000 ____D C:\Documents and Settings\Philip\Application Data\SecondLife
2012-12-10 05:54 - 2012-12-10 05:55 - 00000000 ____D C:\Program Files\SecondLifeViewer
2012-12-05 04:15 - 2012-12-05 15:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-12-01 04:55 - 2012-12-01 04:55 - 00000000 ____D C:\Documents and Settings\Philip\Trillian
2012-11-30 04:39 - 2012-11-30 04:39 - 00000000 ____D C:\Documents and Settings\Karen\Application Data\JLAdventCalendarAlpine2012
2012-11-30 02:50 - 2012-11-30 02:50 - 00000800 ____A C:\Documents and Settings\All Users\Desktop\JL Alpine Advent Calendar.lnk
2012-11-30 02:50 - 2012-11-30 02:50 - 00000000 ____D C:\Program Files\JL Alpine Advent Calendar
2012-11-27 10:13 - 2012-11-27 10:13 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\FreeFileViewer
2012-11-27 10:12 - 2012-11-27 10:12 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\FileTypeAssistant

==================== One Month Modified Files and Folders ========

2012-12-18 06:11 - 2012-12-18 06:11 - 00000000 ____D C:\FRST
2012-12-12 04:40 - 2012-12-12 04:40 - 00003014 ____N C:\bootex.log
2012-12-12 02:39 - 2012-12-12 02:39 - 00098992 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\75266986.sys
2012-12-12 02:39 - 2012-07-15 19:31 - 00000214 ____A C:\Windows\wiadebug.log
2012-12-12 02:39 - 2011-01-25 08:04 - 02078813 ____A C:\Windows\WindowsUpdate.log
2012-12-12 02:39 - 2011-01-02 01:26 - 00032218 ____A C:\Windows\SchedLgU.Txt
2012-12-12 02:39 - 2008-07-22 09:47 - 00000178 __ASH C:\Documents and Settings\Philip\ntuser.ini
2012-12-12 02:39 - 2008-07-22 09:47 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-12 02:39 - 2008-07-22 05:24 - 00262144 ____A C:\Windows\System32\config\security.sav
2012-12-12 02:39 - 2008-07-22 05:24 - 00024576 ____A C:\Windows\System32\config\sam.sav
2012-12-12 02:36 - 2012-12-12 02:34 - 00111872 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-12-12 02:35 - 2012-12-12 02:34 - 00001818 ____A C:\Documents and Settings\Philip\Desktop\Rkill.txt
2012-12-12 02:34 - 2012-12-12 02:34 - 00000000 ____D C:\Documents and Settings\Philip\Desktop\RK_Quarantine
2012-12-12 02:11 - 2012-03-30 19:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-12 01:58 - 2008-07-22 05:23 - 00000344 _RASH C:\boot.ini
2012-12-12 01:48 - 2006-02-28 07:00 - 00000670 ____A C:\Windows\win.ini
2012-12-12 01:47 - 2012-11-21 02:48 - 00000394 ____A C:\Windows\Tasks\ProgramUpdateCheck.job
2012-12-12 01:47 - 2012-11-21 02:48 - 00000378 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-12-12 01:47 - 2012-09-14 17:24 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd92c7b49420c3.job
2012-12-12 01:47 - 2011-06-29 04:09 - 00000272 ____A C:\Windows\Tasks\ASC4_PerformanceMonitor.job
2012-12-12 01:47 - 2008-07-23 17:55 - 00000178 __ASH C:\Documents and Settings\Karen\ntuser.ini
2012-12-12 01:47 - 2008-07-22 09:47 - 00000062 __ASH C:\Documents and Settings\Philip\Local Settings\desktop.ini
2012-12-12 01:38 - 2008-07-23 17:55 - 00000062 __ASH C:\Documents and Settings\Karen\Local Settings\desktop.ini
2012-12-12 01:26 - 2012-07-15 19:31 - 00000050 ____A C:\Windows\wiaservc.log
2012-12-12 01:25 - 2008-07-22 09:47 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-12-12 01:25 - 2008-07-22 09:46 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-12-12 01:21 - 2012-12-12 01:19 - 00000000 ____D C:\Windows\tmp1
2012-12-12 01:05 - 2012-12-12 01:05 - 00002940 ____A C:\Windows\KB2758857.log
2012-12-12 01:05 - 2012-12-12 01:05 - 00002771 ____A C:\Windows\KB2753842.log
2012-12-12 01:05 - 2008-07-22 09:36 - 00000000 ____D C:\Windows\$hf_mig$
2012-12-12 00:31 - 2006-02-28 07:00 - 00002422 ____A C:\Windows\System32\wpa.dbl
2012-12-12 00:26 - 2012-12-12 00:26 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG
2012-12-12 00:26 - 2012-12-12 00:26 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG
2012-12-12 00:26 - 2008-07-22 05:23 - 36700160 ____A C:\Windows\System32\config\software.sav
2012-12-12 00:26 - 2008-07-22 05:23 - 12058624 ____A C:\Windows\System32\config\system.sav
2012-12-12 00:26 - 2008-07-22 05:23 - 03481600 ____A C:\Windows\System32\config\default.sav
2012-12-12 00:26 - 2008-07-22 05:23 - 00262144 ____A C:\Windows\System32\config\userdiff
2012-12-12 00:26 - 2008-07-22 05:23 - 00001024 ____A C:\Windows\System32\config\userdiff.LOG
2012-12-12 00:25 - 2012-12-12 00:25 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG
2012-12-12 00:24 - 2008-07-22 05:23 - 00001024 ____A C:\Windows\System32\config\TempKey.LOG
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ___RD C:\Windows\Web
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\System32\usmt
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\System32\npp
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\system
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\PeerNet
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\msagent
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\Media
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\ime
2012-12-12 00:24 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\Help
2012-12-12 00:21 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\twain_32
2012-12-12 00:20 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\System32\icsxml
2012-12-12 00:19 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\System32\ias
2012-12-12 00:19 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\System32\1033
2012-12-12 00:18 - 2008-07-22 05:18 - 00000000 ____D C:\Windows\Driver Cache
2012-12-11 07:03 - 2010-02-22 08:15 - 00000000 ____D C:\Program Files\Trillian
2012-12-11 05:34 - 2011-04-26 04:29 - 00000926 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-861567501-1801674531-1005Core1cc03f46f882a40.job
2012-12-11 04:35 - 2012-12-11 04:35 - 00000000 ____D C:\Documents and Settings\Philip\Application Data\JLAdventCalendarAlpine2012
2012-12-10 09:25 - 2008-07-23 17:46 - 00000000 ____D C:\Documents and Settings\Philip\My Documents\Toolbox
2012-12-10 07:07 - 2012-12-10 05:55 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\SecondLife
2012-12-10 05:55 - 2012-12-10 05:55 - 00000000 ____D C:\Documents and Settings\Philip\Application Data\SecondLife
2012-12-10 05:55 - 2012-12-10 05:54 - 00000000 ____D C:\Program Files\SecondLifeViewer
2012-12-09 03:15 - 2012-09-07 00:45 - 00000000 ____D C:\Documents and Settings\Karen\My Documents\Neopets
2012-12-08 18:06 - 2008-07-23 18:18 - 00000000 ____D C:\Documents and Settings\Karen\My Documents\Christmas Birthday Lists
2012-12-07 21:27 - 2011-12-05 15:14 - 00000000 ____D C:\Program Files\Cryptic Studios
2012-12-05 15:29 - 2008-09-13 00:03 - 00000000 ____D C:\Documents and Settings\Karen\Local Settings\Application Data\Apple Computer
2012-12-05 15:29 - 2008-07-23 23:11 - 00000000 ____D C:\Documents and Settings\Karen\Application Data\Apple Computer
2012-12-05 15:25 - 2012-12-05 04:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-12-05 10:15 - 2012-05-03 15:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-12-05 05:36 - 2012-07-24 19:20 - 00003224 ____A C:\Windows\wmsetup.log
2012-12-04 08:14 - 2008-07-24 05:21 - 00236032 ____A C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-03 11:37 - 2012-08-07 04:06 - 00000000 ____D C:\Crash
2012-12-03 08:05 - 2008-07-24 02:48 - 00000000 ____D C:\Program Files\Hijack This
2012-12-03 01:33 - 2012-09-17 03:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2012-12-01 04:55 - 2012-12-01 04:55 - 00000000 ____D C:\Documents and Settings\Philip\Trillian
2012-11-30 04:39 - 2012-11-30 04:39 - 00000000 ____D C:\Documents and Settings\Karen\Application Data\JLAdventCalendarAlpine2012
2012-11-30 02:50 - 2012-11-30 02:50 - 00000800 ____A C:\Documents and Settings\All Users\Desktop\JL Alpine Advent Calendar.lnk
2012-11-30 02:50 - 2012-11-30 02:50 - 00000000 ____D C:\Program Files\JL Alpine Advent Calendar
2012-11-27 10:13 - 2012-11-27 10:13 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\FreeFileViewer
2012-11-27 10:12 - 2012-11-27 10:12 - 00000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\FileTypeAssistant


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64

C:\Windows\System32\winlogon.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\Windows\System32\User32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4

C:\Windows\System32\userinit.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2006-02-28 07:00] - [2006-02-28 07:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-12-11 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP693

RP: -> 2012-12-11 04:31 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP692

RP: -> 2012-12-10 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP691

RP: -> 2012-12-09 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP690

RP: -> 2012-12-08 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP689

RP: -> 2012-12-07 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP688

RP: -> 2012-12-06 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP687

RP: -> 2012-12-05 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP686

RP: -> 2012-12-04 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP685

RP: -> 2012-12-04 02:21 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP684

RP: -> 2012-12-03 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP683

RP: -> 2012-12-02 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP682

RP: -> 2012-12-01 10:12 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP681

RP: -> 2012-12-01 08:46 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP680

RP: -> 2012-11-30 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP679

RP: -> 2012-11-29 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP678

RP: -> 2012-11-28 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP677

RP: -> 2012-11-27 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP676

RP: -> 2012-11-26 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP675

RP: -> 2012-11-25 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP674

RP: -> 2012-11-24 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP673


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2047.36 MB
Available physical RAM: 1779.61 MB
Total Pagefile: 1878.02 MB
Available Pagefile: 1810.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

==================== Partitions =============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:465.76 GB) (Free:241.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive e: () (Removable) (Total:1.9 GB) (Free:1.75 GB) FAT
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 466 GB Healthy
=========================================================
==================== End Of Log ============================

This second scan is with absolutely nothing checked for whitelist, since the above picture had list drivers md5 unchecked and I'm not sure about the rest. I'm beginning to think that I have done something absolutely horrific to the OS or drivers or something weird.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2012 (ATTENTION: FRST version is 16 days old)
Ran by SYSTEM at 27-12-2012 08:13:54
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet004

==================== Registry ================================

HKLM\...\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2007-07-23] (AMD)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1037736 2007-08-31] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Administrator\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Administrator\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Administrator.DILBERT\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Administrator.DILBERT\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Administrator.DILBERT\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-04] (Nero AG)
HKU\Administrator.DILBERT.000\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Administrator.DILBERT.000\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Administrator.DILBERT.000\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-04] (Nero AG)
HKU\Default User\...\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 [x]
HKU\Default User\...\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-04] (Nero AG)
HKU\Karen\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-10-25] (Google Inc.)
HKU\Karen\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2006-02-28] (Microsoft Corporation)
HKU\Karen\...\Policies\system: [DisableRegistryTools] 0
HKU\Karen\...\Policies\system: [DisableTaskMgr] 0
HKU\Philip\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-10-25] (Google Inc.)
HKU\Philip\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2006-02-28] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [24576 2006-02-28] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] Explorer.exe [1032192 2006-02-28] (Microsoft Corporation)
HKLM\...\Winlogon: [UIHost] logonui.exe [514560 2006-02-28] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
ShortcutTarget: JL Alpine Advent Calendar.lnk -> C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()
Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Rainlendar.lnk
ShortcutTarget: Rainlendar.lnk -> C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
Startup: C:\Documents and Settings\Philip\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
ShortcutTarget: JL Alpine Advent Calendar.lnk -> C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()

============== Services =========================

3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [250808 2012-11-15] (Adobe Systems Incorporated)
2 AdvancedSystemCareService; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [353168 2011-05-28] (IObit)
4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2006-02-28] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [44544 2006-02-28] (Microsoft Corporation)
3 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [10328 2004-10-20] (America Online)
3 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [55184 2012-08-11] (Apple Inc.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [643072 2011-10-25] (ATI Technologies Inc.)
2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-12-20] ()
2 AudioSrv; C:\Windows\System32\audiosrv.dll [42496 2006-02-28] (Microsoft Corporation)
3 BITS; C:\Windows\System32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [390504 2011-08-30] (Apple Inc.)
2 Browser; C:\Windows\System32\browser.dll [77312 2006-02-28] (Microsoft Corporation)
3 CiSvc; C:\Windows\System32\cisvc.exe [5632 2006-02-28] (Microsoft Corporation)
3 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2006-02-28] (Microsoft Corporation)
3 clr_optimization_v2.0.50727_32; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [5120 2006-02-28] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [60416 2006-02-28] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [395776 2006-02-28] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [111104 2006-02-28] (Microsoft Corporation)
3 dmadmin; C:\Windows\System32\dmadmin.exe /com [224768 2006-02-28] (Microsoft Corp., Veritas Software)
3 dmserver; C:\Windows\System32\dmserver.dll [23552 2006-02-28] (Microsoft Corp.)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [45568 2006-02-28] (Microsoft Corporation)
3 Dot3svc; C:\Windows\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2006-02-28] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [108032 2006-02-28] (Microsoft Corporation)
3 EventSystem; C:\WINDOWS\system32\es.dll [243200 2006-02-28] (Microsoft Corporation)
3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [134656 2006-02-28] (Microsoft Corporation)
2 gupdate1c9d63b43a5d208; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-05-16] (Google Inc.)
3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [133104 2009-05-16] (Google Inc.)
3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [194032 2012-08-18] (Google)
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
2 HidServ; C:\Windows\System32\hidserv.dll [21504 2006-02-28] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2006-02-28] (Microsoft Corporation)
3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [73728 2004-10-22] (Macrovision Corporation)
2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
3 ImapiService; C:\Windows\System32\imapi.exe [150016 2006-02-28] (Microsoft Corporation)
2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [821648 2012-09-09] (Apple Inc.)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [96768 2006-02-28] (Microsoft Corporation)
2 lanmanworkstation; C:\Windows\System32\wkssvc.dll [132096 2006-02-28] (Microsoft Corporation)
3 LightScribeService; "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [75304 2007-04-19] (Hewlett-Packard Company)
2 LmHosts; C:\Windows\System32\lmhsvc.dll [13824 2006-02-28] (Microsoft Corporation)
4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2006-02-28] (Microsoft Corporation)
3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [115168 2012-12-05] (Mozilla Foundation)
3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
3 MSIServer; C:\Windows\System32\msiexec.exe /V [77312 2006-02-28] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
4 NetDDE; C:\Windows\System32\netdde.exe [111104 2006-02-28] (Microsoft Corporation)
4 NetDDEdsdm; C:\Windows\System32\netdde.exe [111104 2006-02-28] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [13312 2006-02-28] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [198144 2006-02-28] (Microsoft Corporation)
3 Nla; C:\Windows\System32\mswsock.dll [245248 2006-02-28] (Microsoft Corporation)
3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [267824 2007-05-04] (Nero AG)
3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2006-02-28] (Microsoft Corporation)
3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435200 2006-02-28] (Microsoft Corporation)
2 PCToolsFirewallPlus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [146800 2008-12-11] (PC Tools)
2 PlugPlay; C:\Windows\System32\services.exe [108032 2006-02-28] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2006-02-28] (Microsoft Corporation)
2 ProtectedStorage; C:\Windows\System32\lsass.exe [13312 2006-02-28] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [89088 2006-02-28] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [174080 2006-02-28] (Microsoft Corporation)
3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [49152 2006-02-28] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [75264 2006-02-28] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [395776 2006-02-28] (Microsoft Corporation)
3 RSVP; C:\Windows\System32\rsvp.exe [132608 2006-02-28] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [13312 2006-02-28] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2006-02-28] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
2 seclogon; C:\Windows\System32\seclogon.dll [18944 2006-02-28] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [38912 2006-02-28] (Microsoft Corporation)
2 SharedAccess; C:\Windows\System32\ipnathlp.dll [331264 2006-02-28] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [134656 2006-02-28] (Microsoft Corporation)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-07-03] (Skype Technologies)
2 SLService; slserv.exe [57344 2004-08-24] ( )
2 Spooler; C:\Windows\System32\spoolsv.exe [57856 2006-02-28] (Microsoft Corporation)
2 srservice; C:\Windows\System32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [71680 2006-02-28] (Microsoft Corporation)
3 Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService [407336 2011-03-16] (Valve Corporation)
2 stisvc; C:\Windows\System32\wiaservc.dll [333312 2006-02-28] (Microsoft Corporation)
3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{9340B1C1-FB78-499A-8FA9-CE7196D318ED} [5120 2006-02-28] (Microsoft Corporation)
3 SysmonLog; C:\Windows\System32\smlogsvc.exe [89600 2006-02-28] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [246272 2006-02-28] (Microsoft Corporation)
3 TermService; C:\Windows\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
2 Themes; C:\Windows\System32\shsvcs.dll [134656 2006-02-28] (Microsoft Corporation)
3 TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92008 2010-08-24] (TomTom)
2 TrkWks; C:\Windows\System32\trkwks.dll [90624 2006-02-28] (Microsoft Corporation)
3 upnphost; C:\Windows\System32\upnphost.dll [185344 2006-02-28] (Microsoft Corporation)
3 UPS; C:\Windows\System32\ups.exe [18432 2006-02-28] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [289792 2006-02-28] (Microsoft Corporation)
2 W32Time; C:\Windows\System32\w32time.dll [174592 2006-02-28] (Microsoft Corporation)
2 WebClient; C:\Windows\System32\webclnt.dll [67584 2006-02-28] (Microsoft Corporation)
2 winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [1529728 2009-08-18] (Microsoft Corporation)
3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [52224 2006-02-28] (Microsoft Corporation)
3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
3 WMPNetworkSvc; "C:\Program Files\Windows Media Player\WMPNetwk.exe" [913408 2006-10-18] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [81408 2006-02-28] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [439808 2008-05-26] (Microsoft Corporation)
2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
3 WudfSvc; C:\Windows\System32\WUDFSvc.dll [55808 2008-06-11] (Microsoft Corporation)
2 WZCSVC; C:\Windows\System32\wzcsvc.dll [359936 2006-02-28] (Microsoft Corporation)
3 xmlprov; C:\Windows\System32\xmlprov.dll [129536 2006-02-28] (Microsoft Corporation)
2 AGCoreService; "C:\Program Files\AGI\core\3.2\AGCoreService.exe" [x]
2 AGWinService; "C:\Program Files\AGI\common\win32\PythonService.exe" [x]
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 gmgbkn; C:\WINDOWS\system32\nacwba.dll [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
2 jkndrponl; C:\WINDOWS\system32\nacwba.dll [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
2 znsvfc; C:\WINDOWS\system32\nacwba.dll [x]
2 zzquasiif; C:\WINDOWS\system32\nacwba.dll [x]

==================== Drivers ===============================

0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [187776 2006-02-28] (Microsoft Corporation)
4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11648 2006-02-28] (Microsoft Corporation)
3 aec; C:\Windows\System32\drivers\aec.sys [142464 2006-02-28] (Microsoft Corporation)
3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
1 AFD; C:\Windows\System32\drivers\afd.sys [138496 2006-02-28] (Microsoft Corporation)
1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [14336 2006-02-28] (Microsoft Corporation)
0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [95360 2006-02-28] (Microsoft Corporation)
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7412736 2011-10-25] (ATI Technologies Inc.)
3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [93696 2008-05-20] (ATI Research Inc.)
3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [59904 2006-02-28] (Microsoft Corporation)
3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()
1 Beep; C:\Windows\System32\Drivers\Beep.sys [4224 2006-02-28] (Microsoft Corporation)
4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2006-02-28] (Microsoft Corporation)
1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2006-02-28] (Microsoft Corporation)
4 Cdfs; C:\Windows\System32\Drivers\Cdfs.sys [63744 2006-02-28] (Microsoft Corporation)
1 Cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [49536 2006-02-28] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [36352 2006-02-28] (Microsoft Corporation)
4 dmboot; C:\Windows\System32\drivers\dmboot.sys [799744 2006-02-28] (Microsoft Corp., Veritas Software)
4 dmio; C:\Windows\System32\drivers\dmio.sys [153344 2006-02-28] (Microsoft Corp., Veritas Software)
4 dmload; C:\Windows\System32\drivers\dmload.sys [5888 2006-02-28] (Microsoft Corp., Veritas Software.)
3 DMusic; C:\Windows\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [2944 2006-02-28] (Microsoft Corporation)
4 Fastfat; C:\Windows\System32\Drivers\Fastfat.sys [143360 2006-02-28] (Microsoft Corporation)
1 Fdc; C:\Windows\System32\Drivers\Fdc.sys [27392 2006-02-28] (Microsoft Corporation)
3 FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [246816 2012-01-05] (IObit)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [34944 2006-02-28] (Microsoft Corporation)
1 Flpydisk; C:\Windows\System32\Drivers\Flpydisk.sys [20480 2006-02-28] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\DRIVERS\fltMgr.sys [129792 2008-04-13] (Microsoft Corporation)
1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [7936 2006-02-28] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [125056 2006-02-28] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [26840 2012-08-21] (GEAR Software Inc.)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2006-02-28] (Microsoft Corporation)
3 HdAudAddService; C:\Windows\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [9600 2006-02-28] (Microsoft Corporation)
3 HTTP; C:\Windows\System32\Drivers\HTTP.sys [263040 2006-02-28] (Microsoft Corporation)
1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [52736 2006-02-28] (Microsoft Corporation)
1 Imapi; C:\Windows\System32\DRIVERS\imapi.sys [41856 2006-02-28] (Microsoft Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [4745216 2008-07-03] (Realtek Semiconductor Corp.)
3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [29056 2006-02-28] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [32896 2006-02-28] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [20992 2006-02-28] (Microsoft Corporation)
3 IpNat; C:\Windows\System32\DRIVERS\ipnat.sys [134912 2006-02-28] (Microsoft Corporation)
1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [74752 2006-02-28] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
0 isapnp; C:\Windows\System32\DRIVERS\isapnp.sys [35840 2006-02-28] (Microsoft Corporation)
1 Kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [24576 2006-02-28] (Microsoft Corporation)
1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [14848 2006-02-28] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\drivers\kmixer.sys [171776 2006-02-28] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\KSecDD.sys [92032 2006-02-28] (Microsoft Corporation)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2006-02-28] (Microsoft Corporation)
3 Modem; C:\Windows\System32\Drivers\Modem.sys [30080 2006-02-28] (Microsoft Corporation)
3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation)
1 Mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [23040 2006-02-28] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [12160 2006-02-28] (Microsoft Corporation)
0 MountMgr; C:\Windows\System32\Drivers\MountMgr.sys [42240 2006-02-28] (Microsoft Corporation)
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [19345 2007-09-28] (Motive, Inc.)
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [18003 2007-09-28] (Motive, Inc.)
3 MRxDAV; C:\Windows\System32\DRIVERS\mrxdav.sys [181248 2006-02-28] (Microsoft Corporation)
1 MRxSmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [451456 2006-02-28] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [19072 2006-02-28] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [7552 2006-02-28] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5376 2006-02-28] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [4992 2006-02-28] (Microsoft Corporation)
3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [15488 2006-02-28] (Microsoft Corporation)
3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [229720 2004-08-24] ( )
3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [1395376 2004-08-24] ( )
0 Mup; C:\Windows\System32\Drivers\Mup.sys [107904 2006-02-28] (Microsoft Corporation)
3 MySQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL [8992 2010-10-21] ()
0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [182912 2006-02-28] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [9600 2006-02-28] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [12928 2006-02-28] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [91776 2006-02-28] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [38016 2006-02-28] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [34560 2006-02-28] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [162816 2006-02-28] (Microsoft Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [30848 2006-02-28] (Microsoft Corporation)
4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [574592 2006-02-28] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [2944 2006-02-28] (Microsoft Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation)
3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [12416 2006-02-28] (Microsoft Corporation)
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [32512 2006-02-28] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [80128 2006-02-28] (Microsoft Corporation)
0 PartMgr; C:\Windows\System32\Drivers\PartMgr.sys [18688 2006-02-28] (Microsoft Corporation)
2 ParVdm; C:\Windows\System32\Drivers\ParVdm.sys [6784 2006-02-28] (Microsoft Corporation)
0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
0 PCI; C:\Windows\System32\DRIVERS\pci.sys [68224 2006-02-28] (Microsoft Corporation)
0 PCIIde; C:\Windows\System32\DRIVERS\pciide.sys [3328 2006-02-28] (Microsoft Corporation)
4 Pcmcia; C:\Windows\System32\Drivers\Pcmcia.sys [119936 2006-02-28] (Microsoft Corporation)
2 PCTAppEvent; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys [73840 2009-05-13] (PC Tools)
1 pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys [159600 2008-12-11] (PC Tools)
3 pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys [95640 2009-05-13] (PC Tools)
3 Point32; C:\Windows\System32\DRIVERS\point32.sys [21760 2007-08-21] (Microsoft Corporation)
1 Processor; C:\Windows\System32\DRIVERS\processr.sys [35328 2006-02-28] (Microsoft Corporation)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2006-02-28] (Microsoft Corporation)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [14896 2010-05-28] (Secunia)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2006-02-28] (Parallel Technologies, Inc.)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [43528 2009-05-01] (Sonic Solutions)
1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [8832 2006-02-28] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [51328 2006-02-28] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2006-02-28] (Microsoft Corporation)
3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [16512 2006-02-28] (Microsoft Corporation)
1 Rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [176512 2006-02-28] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [4224 2006-02-28] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
0 RecAgent; C:\Windows\System32\DRIVERS\RecAgent.sys [14520 2004-08-24] ( )
1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [30408 2012-07-05] (IObit.com)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2006-02-28] ()
3 serenum; C:\Windows\System32\DRIVERS\serenum.sys [15488 2006-02-28] (Microsoft Corporation)
1 Serial; C:\Windows\System32\DRIVERS\serial.sys [64896 2006-02-28] (Microsoft Corporation)
3 SFilter; C:\Windows\System32\DRIVERS\pctfw.sys [97408 2008-09-22] (PC Tools)
1 Sfloppy; C:\Windows\System32\Drivers\Sfloppy.sys [11392 2006-02-28] (Microsoft Corporation)
3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [650632 2004-08-24] ( )
3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [100240 2004-08-24] ( )
3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [13216 2004-08-24] ( )
3 splitter; C:\Windows\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
0 sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
3 Srv; C:\Windows\System32\DRIVERS\srv.sys [336256 2006-02-28] (Microsoft Corporation)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [4352 2006-02-28] (Microsoft Corporation)
3 swmidi; C:\Windows\System32\drivers\swmidi.sys [54272 2006-02-28] (Microsoft Corporation)
3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [60800 2006-02-28] (Microsoft Corporation)
1 Tcpip; C:\Windows\System32\DRIVERS\tcpip.sys [359040 2006-02-28] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
4 Udfs; C:\Windows\System32\Drivers\Udfs.sys [66176 2006-02-28] (Microsoft Corporation)
3 Update; C:\Windows\System32\DRIVERS\update.sys [209408 2006-02-28] (Microsoft Corporation)
3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [16248 2012-07-05] (IObit.com)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2012-03-02] (LG Electronics Inc.)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [31616 2006-02-28] (Microsoft Corporation)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2012-03-02] (LG Electronics Inc.)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [26624 2006-02-28] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [57600 2006-02-28] (Microsoft Corporation)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2012-03-02] (LG Electronics Inc.)
3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [17024 2006-02-28] (Microsoft Corporation)
3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [26496 2006-02-28] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [20992 2006-02-28] (Microsoft Corporation)
0 VolSnap; C:\Windows\System32\Drivers\VolSnap.sys [52352 2006-02-28] (Microsoft Corporation)
3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [34560 2006-02-28] (Microsoft Corporation)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [82944 2006-02-28] (Microsoft Corporation)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
1 WS2IFSL; C:\Windows\System32\drivers\ws2ifsl.sys [12032 2006-02-28] (Microsoft Corporation)
3 WudfPf; C:\Windows\System32\DRIVERS\WudfPf.sys [77568 2008-06-11] (Microsoft Corporation)
3 WudfRd; C:\Windows\System32\DRIVERS\wudfrd.sys [82944 2008-06-11] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\DOCUME~1\Philip\LOCALS~1\Temp\catchme.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
1 lbrtfdc; [x]
3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [x]
3 MEMSWEEP2; \??\C:\WINDOWS\system32\3.tmp [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
3 TfKbMon; C:\Windows\System32\Drivers\TfKbMon.sys [x]
3 TlntSvr; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

NETSVC: gmgbkn -> C:\WINDOWS\system32\nacwba.dll ==> No File.
NETSVC: znsvfc -> C:\WINDOWS\system32\nacwba.dll ==> No File.
NETSVC: jkndrponl -> C:\WINDOWS\system32\nacwba.dll ==> No File.
NETSVC: zzquasiif -> C:\WINDOWS\system32\nacwba.dll ==> No File.

==================== Known DLLs ==============================

[2006-02-28 07:00] - [2006-02-28 07:00] - 0616960 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0276992 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0278016 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0983552 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\lz32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 1281536 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0553472 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0068608 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0034304 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0581120 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 8384000 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0037888 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0612352 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0577024 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0018944 ____A (Microsoft Corporation) C:\Windows\System32\version.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0656384 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0172032 ____A (Microsoft Corporation) C:\Windows\System32\wldap32.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64

C:\Windows\System32\winlogon.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\Windows\System32\User32.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4

C:\Windows\System32\userinit.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2006-02-28 07:00] - [2006-02-28 07:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-12-11 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP693

RP: -> 2012-12-11 04:31 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP692

RP: -> 2012-12-10 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP691

RP: -> 2012-12-09 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP690

RP: -> 2012-12-08 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP689

RP: -> 2012-12-07 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP688

RP: -> 2012-12-06 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP687

RP: -> 2012-12-05 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP686

RP: -> 2012-12-04 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP685

RP: -> 2012-12-04 02:21 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP684

RP: -> 2012-12-03 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP683

RP: -> 2012-12-02 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP682

RP: -> 2012-12-01 10:12 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP681

RP: -> 2012-12-01 08:46 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP680

RP: -> 2012-11-30 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP679

RP: -> 2012-11-29 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP678

RP: -> 2012-11-28 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP677

RP: -> 2012-11-27 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP676

RP: -> 2012-11-26 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP675

RP: -> 2012-11-25 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP674

RP: -> 2012-11-24 10:00 - 024576 _restore{398A4EF5-1D0B-4AE9-9646-E6C20ACB7358}\RP673


==================== End Of Log ============================
  • 0

#27
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi jhackofalltrades,

  • Please download ListParts and the attached file below to a USB drive.
  • Now, please boot your system from the CD you made like before.
  • When the desktop appears, please navigate to your flash drive and double-click on the ListParts file that you downloaded.
  • Press the Fix button.
  • When it is done, close the notification pop-up. Click Scan and copy and paste the log (Result.txt) it makes.

If your computer will boot normally now, please follow the next steps.

Step 2: Run OTL.

Download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Step 3: Run TDSSKiller. Please do not delete anything.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Attached Files

  • Attached File  fix.txt   33bytes   123 downloads

  • 0

#28
Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Downloaded Listparts and fix.txt, ran it, got results.txt, copied and pasted below.

ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 30-12-2012 at 07:12:46
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 2047.36 MB
Available physical RAM: 1838.24 MB
Total Pagefile: 1878.02 MB
Available Pagefile: 1817.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 2008.25 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:465.76 GB) (Free:241.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: () (Removable) (Total:1.9 GB) (Free:1.75 GB) FAT
5 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 1 Online 466 GB 0 B

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
======================================================================================================

Disk: 1
The disk management services could not complete the operation.

======================================================================================================

****** End Of Log ******

Computer still failing to boot normally without a CD in the drive.
  • 0

#29
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

I think we are getting closer, but something seems to have switched on me. Could you please run ListParts again, and this time press "Scan" instead of "Fix," then post the log.

  • 0

#30
Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Booted to CD, ran ListParts, noticed a checkbox for 'List BCDs'. First run is without List BCDs checked.

ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 31-12-2012 at 05:36:59
Windows XP (X86)
Running From: E:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 2047.36 MB
Available physical RAM: 1842.63 MB
Total Pagefile: 1878.02 MB
Available Pagefile: 1825.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:465.76 GB) (Free:241.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive e: () (Removable) (Total:1.9 GB) (Free:1.75 GB) FAT
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 466 GB Healthy
======================================================================================================

****** End Of Log ******


Second run is with the 'List BCDs' checked.

ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 31-12-2012 at 05:41:13
Windows XP (X86)
Running From: E:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 2047.36 MB
Available physical RAM: 1842.9 MB
Total Pagefile: 1878.02 MB
Available Pagefile: 1825.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 2008.25 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:465.76 GB) (Free:241.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive e: () (Removable) (Total:1.9 GB) (Free:1.75 GB) FAT
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 466 GB Healthy
======================================================================================================

****** End Of Log ******

Thank you again for your assistance, congrats on your promotion to GeekU Senior, and I hope you have a Happy New Year's celebration or, at least, a happy new year.
  • 0





