
WinXP sp3 Trojan.startpage.1505


  • This topic is locked
53 replies to this topic

#1 mnygren

mnygren

  • Members

Posted 28 September 2011 - 10:19 PM

Attached File  attach.txt   18.9KB   2 downloads
Per Boopme, posting my combofix and dds logs.
Thanks again for your help.

Unable to ping host names in normal boot mode, but can ping them in safe boot.

I ran SuperAntispyware and it detected and cleaned trojan.startpage.1505 from c:\documents and settings\all users\application data\spybot search&destroy\snapshots2\regubp2b-miken.reg. Possible false positive ?? Still couldn't ping host names.
Tried reinstalling network cards- no change
Reset IP in netsh, no change
Ran Combofix (I know, I know) and not sure what it found. Couldn't find the combofix log file so ran it again. Here it is. Had to zip it due to length.
Mike



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots

Posted 03 October 2011 - 10:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421004 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mnygren

mnygren
  • Topic Starter

  • Members

Posted 04 October 2011 - 05:59 PM

In addition to the Trojan, Malwarebytes scans from 9/20/11 and 9/21/11 found Malware.Packer.Gen on both scans, after quarantining and deleting. Included log files.

I have attached a new DDS log and GMER log.

Still can't ping host names in normal boot mode, but can in safe boot.

I have original OS cd's available if required.

Your help is appreciated.

Mike


#4 Farbar

Farbar

    Just Curious


  • Security Developer

Posted 05 October 2011 - 03:48 PM

Hello Mike,

Apologies for the delay. I will be assisting you.

Please give a clear description of the current issue. What do you mean by pinging the host name? What are the issues you are noticing and what are the steps you have already taken?

#5 mnygren

mnygren
  • Topic Starter

  • Members

Posted 05 October 2011 - 11:16 PM

Hello Farbar and thanks for your help.

If I boot into normal mode with Windows, I can't access the internet. If I try to ping a host name, like www.yahoo.com, I get a no-reply. I can ping my gateway and I can even ping the DNS IP addresses given by my provider. I have reset the Tcpip in netsh (netsh int ip reset c:\resetlog), no change. I tried flushing the DNS cache, nothing. So, I started thinking it may be a virus. I scanned the system with Malwarebytes and found 1 file infected on 2 separate scans. Both quarantined. I still couldn't connect to the internet or ping host names. I tried booting in safe mode with networking and I could actually ping the host name and get online. Somewhere along the way I ran ComboFix, twice. The last time was to get the ComboFix log as I may have deleted it. I also ran SuperAntiSpyware and it found the Trojan.startpage virus, but I think it may have been a false positive.

I'm running in safe mode now and can get online, just not in normal boot mode.

Thanks again for your help
Mike

#6 Farbar

Farbar

    Just Curious


  • Security Developer

Posted 06 October 2011 - 05:15 AM

Thanks for the feedback.

The logs don't show much suspicious activity except the two files removed by MBAM. We need to look deeper.

  • Please go to start -> Run.
    • Copy and paste the bold line in the run-box and click OK:

      cmd /c dir /a/s/b C:\Qoobox >log.txt & log.txt
    • A text file opens up, copy and paste the content to your reply.
  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
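
An added example, not part of the original post and not code from TDSSKiller or BleepingComputer: the report requested above lists each driver or service as a file line (`name (md5) path`) followed by a verdict line (`name - verdict`), and this sketch pairs the two so that only entries needing a closer look remain. The sample report, its driver names, hashes and the non-ok verdict string are constructed placeholders, and the meaning of the numeric column after the timestamp is not assumed.

```python
import re

# Every report line starts with "HH:MM:SS.mmmm <numeric id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
SCAN_START_RE = re.compile(PREFIX + r"Scan started\s*$")
# "<name> (<md5>) <path>": the file found for a driver or service.
FILE_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# "<name> - <verdict>": the scan result for that driver or service.
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample in the report's layout. Names, hashes and the
# non-ok verdict text are placeholders, not real TDSSKiller output.
SAMPLE_REPORT = r"""
05:45:19.0656 2624 Boot type: Normal boot
05:45:26.0687 2212 Scan started
05:45:26.0687 2212 Mode: Manual;
05:45:29.0375 2212 nofiledrv - ok
05:45:29.0453 2212 gooddrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
05:45:29.0484 2212 gooddrv - ok
05:45:30.0100 2212 flaggeddrv (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\drivers\flaggeddrv.sys
05:45:30.0120 2212 flaggeddrv - EXAMPLE-NON-OK-VERDICT
05:45:31.0000 2212 cutoffdrv (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\drivers\cutoffdrv.sys
"""


def parse_report(text):
    """Return {name: {"md5", "path", "verdict"}} for lines after 'Scan started'."""
    entries = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            # Header lines (system info) are skipped until the scan begins.
            in_scan = bool(SCAN_START_RE.match(line))
            continue
        m = FILE_RE.match(line)
        if m:
            entry = entries.setdefault(
                m["name"], {"md5": None, "path": None, "verdict": None}
            )
            entry["md5"] = m["md5"].lower()
            entry["path"] = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(
                m["name"], {"md5": None, "path": None, "verdict": None}
            )
            entry["verdict"] = m["verdict"].strip()
    return entries


def triage(entries):
    """Split entries into the groups a reviewer reads first."""
    result = {"review": [], "no_file_logged": [], "incomplete": []}
    for name, entry in entries.items():
        if entry["verdict"] is None:
            # File line without a verdict: the pasted report was cut short.
            result["incomplete"].append(name)
        elif entry["verdict"].lower() != "ok":
            # Anything other than "ok" goes to a human, verdict text intact.
            result["review"].append((name, entry["verdict"], entry["path"]))
        elif entry["md5"] is None:
            # Verdict "ok" but no hash/path line was logged for this entry.
            result["no_file_logged"].append(name)
    return result


if __name__ == "__main__":
    groups = triage(parse_report(SAMPLE_REPORT))
    for group, items in groups.items():
        print(group, items)
```

The `incomplete` group matters for reports pasted into a forum post, where a length limit can cut the text off between a file line and its verdict.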


#7 mnygren

mnygren
  • Topic Starter

  • Members

Posted 06 October 2011 - 05:57 AM

Farbar-
Ok, here's log.txt:
C:\Qoobox\Add-Remove Programs.txt
C:\Qoobox\BackEnv
C:\Qoobox\ComboFix-quarantined-files.txt
C:\Qoobox\ComboFix2.txt
C:\Qoobox\Quarantine
C:\Qoobox\SnapShot@2011-09-16_00.58.44.dat
C:\Qoobox\SnapShot_2011-09-28_21.31.18.dat
C:\Qoobox\BackEnv\AppData.folder.dat
C:\Qoobox\BackEnv\Cache.folder.dat
C:\Qoobox\BackEnv\Cookies.folder.dat
C:\Qoobox\BackEnv\Desktop.folder.dat
C:\Qoobox\BackEnv\Favorites.folder.dat
C:\Qoobox\BackEnv\History.folder.dat
C:\Qoobox\BackEnv\LocalAppData.folder.dat
C:\Qoobox\BackEnv\LocalSettings.folder.dat
C:\Qoobox\BackEnv\Music.folder.dat
C:\Qoobox\BackEnv\NetHood.folder.dat
C:\Qoobox\BackEnv\Personal.folder.dat
C:\Qoobox\BackEnv\Pictures.folder.dat
C:\Qoobox\BackEnv\PrintHood.folder.dat
C:\Qoobox\BackEnv\Profiles.Folder.dat
C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
C:\Qoobox\BackEnv\Programs.folder.dat
C:\Qoobox\BackEnv\Recent.folder.dat
C:\Qoobox\BackEnv\SendTo.folder.dat
C:\Qoobox\BackEnv\SetPath.bat
C:\Qoobox\BackEnv\StartMenu.folder.dat
C:\Qoobox\BackEnv\StartUp.folder.dat
C:\Qoobox\BackEnv\SysPath.dat
C:\Qoobox\BackEnv\Templates.folder.dat
C:\Qoobox\BackEnv\VikPev00
C:\Qoobox\Quarantine\C
C:\Qoobox\Quarantine\catchme.log
C:\Qoobox\Quarantine\Registry_backups
C:\Qoobox\Quarantine\C\Documents and Settings
C:\Qoobox\Quarantine\C\Program Files
C:\Qoobox\Quarantine\C\WINDOWS
C:\Qoobox\Quarantine\C\Documents and Settings\Admin
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator
C:\Qoobox\Quarantine\C\Documents and Settings\joseph_l
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n
C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Local Settings
C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Local Settings\Application Data
C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Local Settings\Application Data\ApplicationHistory
C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\joseph_l\Local Settings
C:\Qoobox\Quarantine\C\Documents and Settings\joseph_l\Local Settings\Application Data
C:\Qoobox\Quarantine\C\Documents and Settings\joseph_l\Local Settings\Application Data\ApplicationHistory
C:\Qoobox\Quarantine\C\Documents and Settings\joseph_l\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\joseph_l\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\joseph_l\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\GoToAssistDownloadHelper.exe.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\WINDOWS
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\temp
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\ADEDVR.exe.add1dd2.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\ApplyPatchSU.exe.e4d1e8df.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\DetectSchedulerSU.exe.8badc819.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\ImageViewer.exe.b66919e1.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\mmc.exe.959a7e97.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\StartSuService.exe.ace7fffa.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\uts.exe.11a43946.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\uts.exe.921f7383.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\Application Data\ApplicationHistory\uts.exe.9c91b79.ini.vir
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\temp\60A44312-5C9AA76-FE42B1DF-788AD248
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\temp\60A44312-5C9AA76-FE42B1DF-788AD248\_a2d52_xp_.exe.zip
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\temp\60A44312-5C9AA76-FE42B1DF-788AD248\_e74aac_.exe.zip
C:\Qoobox\Quarantine\C\Documents and Settings\mike_n\Local Settings\temp\60A44312-5C9AA76-FE42B1DF-788AD248\_setup_.dll.zip
C:\Qoobox\Quarantine\C\Program Files\Google
C:\Qoobox\Quarantine\C\Program Files\Spyware Process Detector
C:\Qoobox\Quarantine\C\Program Files\Google\Common
C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater
C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\googleupdaterservice.exe.vir
C:\Qoobox\Quarantine\C\Program Files\Spyware Process Detector\spydetector.db1.vir
C:\Qoobox\Quarantine\C\Program Files\Spyware Process Detector\spydetector.db2.vir
C:\Qoobox\Quarantine\C\Program Files\Spyware Process Detector\spydetector.db3.vir
C:\Qoobox\Quarantine\C\Program Files\Spyware Process Detector\spydetector.db4.vir
C:\Qoobox\Quarantine\C\WINDOWS\iun6002.exe.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32
C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\TPAPSLOG.LOG.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\TPHDLOG0.LOG.vir
C:\Qoobox\Quarantine\Registry_backups\AddRemove-Look@LAN_1.0.reg.dat
C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

And TDSSKiller- No Reboot Required.

05:45:17.0656 2624 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
05:45:19.0656 2624 ============================================================
05:45:19.0656 2624 Current date / time: 2011/10/06 05:45:19.0656
05:45:19.0656 2624 SystemInfo:
05:45:19.0656 2624
05:45:19.0656 2624 OS Version: 5.1.2600 ServicePack: 3.0
05:45:19.0656 2624 Product type: Workstation
05:45:19.0656 2624 ComputerName: SERVICETECH010
05:45:19.0656 2624 UserName: mike_n
05:45:19.0656 2624 Windows directory: C:\WINDOWS
05:45:19.0656 2624 System windows directory: C:\WINDOWS
05:45:19.0656 2624 Processor architecture: Intel x86
05:45:19.0656 2624 Number of processors: 2
05:45:19.0656 2624 Page size: 0x1000
05:45:19.0656 2624 Boot type: Normal boot
05:45:19.0656 2624 ============================================================
05:45:22.0718 2624 Initialize success
05:45:26.0687 2212 ============================================================
05:45:26.0687 2212 Scan started
05:45:26.0687 2212 Mode: Manual;
05:45:26.0687 2212 ============================================================
05:46:09.0390 2212 Msfs - ok
05:46:10.0125 2212 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:46:10.0125 2212 MSKSSRV - ok
05:46:10.0671 2212 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:46:10.0687 2212 MSPCLOCK - ok
05:46:11.0203 2212 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:46:11.0203 2212 MSPQM - ok
05:46:11.0265 2212 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:46:11.0265 2212 mssmbios - ok
05:46:11.0328 2212 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
05:46:11.0343 2212 Mup - ok
05:46:11.0500 2212 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110914.004\naveng.sys
05:46:11.0500 2212 NAVENG - ok
05:46:12.0437 2212 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110914.004\navex15.sys
05:46:12.0468 2212 NAVEX15 - ok
05:46:12.0671 2212 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:46:12.0687 2212 NDIS - ok
05:46:12.0734 2212 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:46:12.0750 2212 NdisTapi - ok
05:46:12.0828 2212 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:46:12.0828 2212 Ndisuio - ok
05:46:12.0875 2212 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:46:12.0890 2212 NdisWan - ok
05:46:13.0156 2212 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
05:46:13.0156 2212 NDProxy - ok
05:46:13.0250 2212 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:46:13.0250 2212 NetBIOS - ok
05:46:13.0328 2212 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:46:13.0343 2212 NetBT - ok
05:46:14.0375 2212 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
05:46:14.0562 2212 NETw4x32 - ok
05:46:15.0453 2212 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
05:46:16.0046 2212 NETw5x32 - ok
05:46:16.0437 2212 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
05:46:16.0453 2212 nm - ok
05:46:16.0546 2212 NPF (c5f0202a00227aecb69e722c52385ffc) C:\WINDOWS\system32\drivers\npf.sys
05:46:16.0562 2212 NPF - ok
05:46:16.0671 2212 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
05:46:16.0687 2212 Npfs - ok
05:46:16.0890 2212 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
05:46:17.0421 2212 NSNDIS5 - ok
05:46:17.0796 2212 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
05:46:17.0828 2212 Ntfs - ok
05:46:18.0000 2212 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
05:46:18.0000 2212 Null - ok
05:46:18.0437 2212 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
05:46:18.0484 2212 nv - ok
05:46:18.0750 2212 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:46:18.0765 2212 NwlnkFlt - ok
05:46:18.0859 2212 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:46:18.0859 2212 NwlnkFwd - ok
05:46:18.0984 2212 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
05:46:19.0000 2212 Parport - ok
05:46:19.0265 2212 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
05:46:19.0281 2212 PartMgr - ok
05:46:19.0453 2212 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
05:46:19.0500 2212 ParVdm - ok
05:46:19.0734 2212 PcdrNdisuio - ok
05:46:19.0875 2212 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
05:46:19.0875 2212 PCI - ok
05:46:20.0140 2212 PCIDump - ok
05:46:20.0265 2212 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
05:46:20.0281 2212 PCIIde - ok
05:46:20.0578 2212 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
05:46:20.0593 2212 Pcmcia - ok
05:46:20.0671 2212 PDCOMP - ok
05:46:20.0734 2212 PDFRAME - ok
05:46:20.0906 2212 PDRELI - ok
05:46:20.0921 2212 PDRFRAME - ok
05:46:21.0000 2212 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
05:46:21.0015 2212 perc2 - ok
05:46:21.0062 2212 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
05:46:21.0078 2212 perc2hib - ok
05:46:21.0250 2212 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
05:46:21.0250 2212 pmem - ok
05:46:21.0437 2212 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:46:21.0453 2212 PptpMiniport - ok
05:46:21.0562 2212 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
05:46:21.0578 2212 PROCDD - ok
05:46:21.0640 2212 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
05:46:21.0656 2212 Processor - ok
05:46:21.0718 2212 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
05:46:21.0734 2212 psadd - ok
05:46:21.0968 2212 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
05:46:21.0968 2212 PSched - ok
05:46:22.0046 2212 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:46:22.0062 2212 Ptilink - ok
05:46:22.0140 2212 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
05:46:22.0156 2212 PxHelp20 - ok
05:46:22.0421 2212 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
05:46:22.0468 2212 ql1080 - ok
05:46:22.0500 2212 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
05:46:22.0515 2212 Ql10wnt - ok
05:46:22.0531 2212 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
05:46:22.0546 2212 ql12160 - ok
05:46:22.0562 2212 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
05:46:22.0578 2212 ql1240 - ok
05:46:22.0609 2212 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
05:46:22.0640 2212 ql1280 - ok
05:46:22.0765 2212 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:46:22.0765 2212 RasAcd - ok
05:46:23.0171 2212 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:46:23.0187 2212 Rasl2tp - ok
05:46:23.0656 2212 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:46:23.0671 2212 RasPppoe - ok
05:46:24.0046 2212 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:46:24.0046 2212 Raspti - ok
05:46:24.0500 2212 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:46:24.0656 2212 Rdbss - ok
05:46:24.0968 2212 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:46:24.0968 2212 RDPCDD - ok
05:46:25.0359 2212 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:46:25.0375 2212 rdpdr - ok
05:46:25.0593 2212 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
05:46:25.0609 2212 RDPWD - ok
05:46:25.0843 2212 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
05:46:25.0843 2212 redbook - ok
05:46:26.0015 2212 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
05:46:26.0031 2212 s24trans - ok
05:46:26.0218 2212 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
05:46:26.0218 2212 SASDIFSV - ok
05:46:26.0234 2212 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
05:46:26.0250 2212 SASKUTIL - ok
05:46:26.0375 2212 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
05:46:26.0406 2212 SAVRT - ok
05:46:26.0406 2212 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
05:46:26.0421 2212 SAVRTPEL - ok
05:46:26.0703 2212 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:46:26.0718 2212 Secdrv - ok
05:46:26.0796 2212 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
05:46:26.0812 2212 serenum - ok
05:46:26.0859 2212 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
05:46:26.0875 2212 Serial - ok
05:46:27.0125 2212 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
05:46:27.0140 2212 Sfloppy - ok
05:46:27.0218 2212 Shockprf (a3aee791db8c73882f4503bfaacd8c9e) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
05:46:27.0234 2212 Shockprf - ok
05:46:27.0250 2212 Simbad - ok
05:46:27.0359 2212 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
05:46:27.0406 2212 sisagp - ok
05:46:27.0687 2212 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
05:46:27.0687 2212 SONYPVU1 - ok
05:46:27.0765 2212 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
05:46:27.0765 2212 Sparrow - ok
05:46:27.0984 2212 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
05:46:28.0000 2212 SPBBCDrv - ok
05:46:28.0328 2212 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
05:46:28.0328 2212 splitter - ok
05:46:28.0390 2212 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
05:46:28.0390 2212 sr - ok
05:46:28.0484 2212 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
05:46:28.0500 2212 Srv - ok
05:46:28.0812 2212 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
05:46:28.0812 2212 swenum - ok
05:46:29.0015 2212 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
05:46:29.0062 2212 swmidi - ok
05:46:29.0359 2212 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
05:46:29.0453 2212 symc810 - ok
05:46:29.0531 2212 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
05:46:29.0546 2212 symc8xx - ok
05:46:29.0703 2212 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
05:46:29.0718 2212 SymEvent - ok
05:46:30.0312 2212 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
05:46:30.0312 2212 SYMREDRV - ok
05:46:30.0515 2212 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
05:46:30.0515 2212 SYMTDI - ok
05:46:30.0796 2212 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
05:46:30.0828 2212 sym_hi - ok
05:46:30.0953 2212 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
05:46:30.0968 2212 sym_u3 - ok
05:46:31.0093 2212 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
05:46:31.0093 2212 sysaudio - ok
05:46:31.0187 2212 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:46:31.0203 2212 Tcpip - ok
05:46:31.0234 2212 Tcpip6 (fb9f32acc1d3ad523f7ec900b66fc1bb) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
05:46:31.0250 2212 Tcpip6 - ok
05:46:31.0359 2212 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
05:46:31.0375 2212 TDPIPE - ok
05:46:31.0593 2212 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
05:46:31.0593 2212 TDTCP - ok
05:46:31.0640 2212 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
05:46:31.0640 2212 TermDD - ok
05:46:31.0703 2212 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
05:46:31.0718 2212 tmcomm - ok
05:46:31.0781 2212 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
05:46:31.0781 2212 TosIde - ok
05:46:32.0015 2212 Tp4Track (a2840650de3b979e5de2a31101f27194) C:\WINDOWS\system32\DRIVERS\tp4track.sys
05:46:32.0031 2212 Tp4Track - ok
05:46:32.0109 2212 TPDIGIMN (639ba7b37f25054cf5e82604e736d250) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
05:46:32.0125 2212 TPDIGIMN - ok
05:46:32.0171 2212 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
05:46:32.0187 2212 TPPWRIF - ok
05:46:32.0265 2212 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
05:46:32.0281 2212 TSMAPIP - ok
05:46:32.0359 2212 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
05:46:32.0375 2212 tunmp - ok
05:46:32.0609 2212 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
05:46:32.0609 2212 tvtfilter - ok
05:46:32.0656 2212 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
05:46:32.0671 2212 TVTI2C - ok
05:46:32.0750 2212 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
05:46:32.0765 2212 TVTPktFilter - ok
05:46:32.0812 2212 TwoTrack (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
05:46:32.0828 2212 TwoTrack - ok
05:46:32.0875 2212 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
05:46:32.0890 2212 Udfs - ok
05:46:33.0125 2212 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
05:46:33.0140 2212 ultra - ok
05:46:33.0218 2212 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
05:46:33.0234 2212 Update - ok
05:46:33.0359 2212 USA19H (7b26eaec7d6ac6302ba62ca5fc25077d) C:\WINDOWS\system32\DRIVERS\USA19H2k.sys
05:46:33.0375 2212 USA19H - ok
05:46:33.0734 2212 USA19H2KP (83224ee0942360255e82a21c80e1d4df) C:\WINDOWS\system32\DRIVERS\USA19H2kp.SYS
05:46:33.0734 2212 USA19H2KP - ok
05:46:34.0265 2212 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:46:34.0281 2212 usbccgp - ok
05:46:34.0390 2212 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:46:34.0406 2212 usbehci - ok
05:46:34.0531 2212 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:46:34.0546 2212 usbhub - ok
05:46:34.0593 2212 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:46:34.0609 2212 usbprint - ok
05:46:34.0671 2212 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
05:46:34.0687 2212 usbscan - ok
05:46:34.0734 2212 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:46:34.0750 2212 USBSTOR - ok
05:46:34.0843 2212 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:46:34.0843 2212 usbuhci - ok
05:46:34.0937 2212 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\download\virtual cd drive\VCdRom.sys
05:46:34.0953 2212 vcdrom - ok
05:46:35.0203 2212 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
05:46:35.0203 2212 VgaSave - ok
05:46:35.0421 2212 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
05:46:35.0437 2212 viaagp - ok
05:46:35.0578 2212 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
05:46:35.0578 2212 ViaIde - ok
05:46:35.0687 2212 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
05:46:35.0703 2212 VolSnap - ok
05:46:35.0750 2212 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:46:35.0750 2212 Wanarp - ok
05:46:35.0812 2212 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
05:46:35.0828 2212 Wdf01000 - ok
05:46:35.0859 2212 WDICA - ok
05:46:35.0875 2212 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
05:46:35.0890 2212 wdmaud - ok
05:46:36.0062 2212 winachsf (458b2e703b210683194158d639770588) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
05:46:36.0093 2212 winachsf - ok
05:46:36.0250 2212 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
05:46:36.0265 2212 WpdUsb - ok
05:46:36.0421 2212 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
05:46:36.0421 2212 WudfPf - ok
05:46:36.0531 2212 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
05:46:36.0546 2212 WudfRd - ok
05:46:36.0609 2212 MBR (0x1B8) (94225a6521cfbad0944b0a098907fb4f) \Device\Harddisk0\DR0
05:46:36.0625 2212 \Device\Harddisk0\DR0 - ok
05:46:36.0625 2212 Boot (0x1200) (e88a00ab1b5ebfe618003dcfcee16eb7) \Device\Harddisk0\DR0\Partition0
05:46:36.0640 2212 \Device\Harddisk0\DR0\Partition0 - ok
05:46:36.0640 2212 ============================================================
05:46:36.0640 2212 Scan finished
05:46:36.0640 2212 ============================================================
05:46:36.0656 2264 Detected object count: 0
05:46:36.0656 2264 Actual detected object count: 0
05:47:48.0281 4080 Deinitialize success

Mike

#8 Farbar

Posted 06 October 2011 - 09:46 AM

I would like to take a look at the log of the first run of ComboFix. Also we need to check the MBR as I suspect it is infected. Even though TDSSKiller didn't detect it, it confirmed my early suspicion. It is a unique MBR and most probably we need to fix it.

  • Please go to start -> Run.
    • Copy and paste the bold line in the run-box and click OK: C:\Qoobox\ComboFix2.txt
    • A text file opens up, copy and paste the content to your reply.
  • Please download MBRCheck by clicking here and save it to your desktop.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
    • Please post the contents of that file in your next reply.


#9 mnygren

Posted 06 October 2011 - 09:56 PM

Ok, here's the 1st combo fix log:
ComboFix 11-09-15.04 - mike_n 09/15/2011 19:48:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.296 [GMT -5:00]
Running from: c:\download\combofix\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Admin\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini
c:\documents and settings\Admin\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Admin\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini
c:\documents and settings\joseph_l\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\joseph_l\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini
c:\documents and settings\joseph_l\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\joseph_l\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini
c:\documents and settings\mike_n\GoToAssistDownloadHelper.exe
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\ADEDVR.exe.add1dd2.ini
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\ApplyPatchSU.exe.e4d1e8df.ini
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\DetectSchedulerSU.exe.8badc819.ini
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\ImageViewer.exe.b66919e1.ini
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\StartSuService.exe.ace7fffa.ini
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\uts.exe.11a43946.ini
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\uts.exe.921f7383.ini
c:\documents and settings\mike_n\Local Settings\Application Data\ApplicationHistory\uts.exe.9c91b79.ini
c:\documents and settings\mike_n\WINDOWS
c:\program files\Spyware Process Detector
c:\program files\Spyware Process Detector\spydetector.db1
c:\program files\Spyware Process Detector\spydetector.db2
c:\program files\Spyware Process Detector\spydetector.db3
c:\program files\Spyware Process Detector\spydetector.db4
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))))
.
.
2011-09-13 18:35 . 2011-09-13 18:35 -------- d-----w- c:\program files\Data Management Tool
2011-09-13 02:45 . 2011-09-13 02:45 -------- d-----w- c:\documents and settings\mike_n\Application Data\Smith Micro
2011-09-06 18:54 . 2011-09-06 18:54 -------- d-----w- c:\program files\Common Files\Java
2011-08-30 20:31 . 2011-08-30 20:31 -------- d-----w- c:\documents and settings\mike_n\Application Data\Verizon Wireless
2011-08-30 20:24 . 2011-08-30 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WEngineLite
2011-08-30 20:24 . 2011-08-30 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2011-08-30 20:24 . 2011-08-30 20:24 -------- d-----w- c:\program files\Verizon Wireless
2011-08-30 20:21 . 2010-11-04 14:50 33408 ----a-w- c:\windows\system32\drivers\LGELTEBus.sys
2011-08-30 20:21 . 2010-11-04 14:49 45568 ----a-w- c:\windows\system32\drivers\LGELTENdis.sys
2011-08-30 20:21 . 2010-11-04 14:49 102784 ----a-w- c:\windows\system32\drivers\LGELTEprt.sys
2011-08-30 20:21 . 2010-11-04 14:49 38016 ----a-w- c:\windows\system32\drivers\LGELTEMux.sys
2011-08-30 20:21 . 2010-11-04 14:50 101888 ----a-w- c:\windows\system32\drivers\LGELTEmdm.sys
2011-08-30 20:21 . 2011-08-30 20:21 -------- d-----w- c:\program files\LG Electronics
2011-08-18 20:48 . 2011-08-18 20:48 -------- d-----w- c:\program files\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-17 11:51 . 2011-07-08 11:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2006-04-30 06:55 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-04-30 06:55 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-04-30 06:55 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2006-04-30 06:56 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2006-04-30 06:55 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2006-04-30 06:55 78336 ------w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2006-04-30 06:55 389120 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-04-30 06:55 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-01-03 19:33 . 2011-01-03 19:33 288568 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-09-07 11:24 . 2011-05-08 15:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"RAMpage"="c:\program files\RAMpage\RAMpage.exe" [2001-01-06 10784]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2010-01-15 93032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\mike_n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Look@LAN\\LookAtHost.exe"=
"c:\\Program Files\\Look@LAN\\LookAtLan.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Packet Tracer 5.0\\bin\\PacketTracer5.exe"=
"c:\\Documents and Settings\\mike_n\\My Documents\\work dox\\Software House\\ICU\\ICU.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\VUG\\VNSetup.exe"=
"c:\\Service Support\\Software House\\ICU 5.1\\ICU.exe"=
"c:\\Service Support\\Panasonic\\Panasonic IP Camera\\EasyIpSetup\\EasyIpSetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"60982:TCP"= 60982:TCP:btorrent
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 9:32 PM 19504]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\download\virtual cd drive\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 LGE NDIS Connection Service;LGE NDIS Connection Service;c:\program files\LG Electronics\LGE LTE Driver\LGVL600SVC.exe [11/12/2010 4:18 PM 144832]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 4:11 PM 569344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/1/2011 6:30 AM 105592]
R3 LGELTEBus;LGE Composite Device;c:\windows\system32\drivers\LGELTEBus.sys [8/30/2011 3:21 PM 33408]
R3 LGELTEmdm;LGE LTE USB Device for Modem Communication;c:\windows\system32\drivers\LGELTEmdm.sys [8/30/2011 3:21 PM 101888]
R3 LGELTEMux;LGE LTE Mux Enumerator ;c:\windows\system32\drivers\LGELTEMux.sys [8/30/2011 3:21 PM 38016]
R3 LGELTENdis;LGE USB NDIS Miniport Ethernet Adapter Service;c:\windows\system32\drivers\LGELTENdis.sys [8/30/2011 3:21 PM 45568]
R3 LGELTEprt;LGE USB Device for Serial Communication;c:\windows\system32\drivers\LGELTEprt.sys [8/30/2011 3:21 PM 102784]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [5/10/2007 11:34 AM 23152]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 6:59 PM 30336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2011 11:17 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2011 11:17 PM 136176]
S3 mamovec;mamovec;c:\windows\system32\drivers\mamovec.sys [1/12/2009 9:14 AM 24784]
S3 mamovem;mamovem;c:\windows\system32\drivers\mamovem.sys [1/12/2009 9:14 AM 25044]
S3 mamoveu;mamoveu;c:\windows\system32\drivers\mamoveu.sys [1/12/2009 9:14 AM 48853]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 10:35 AM 50704]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2/29/2008 3:18 PM 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2/29/2008 3:18 PM 44928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 18:50]
.
2011-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 18:50]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1202660629-682003330-5147Core.job
- c:\documents and settings\mike_n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-29 12:40]
.
2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1202660629-682003330-5147UA.job
- c:\documents and settings\mike_n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-29 12:40]
.
2011-03-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-02-14 16:22]
.
2011-09-12 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-03-31 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
IE: &Windows Live Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
DPF: {9F1C0B35-8230-4176-8B99-5C2485121A4E} - hxxp://192.168.12.211/program/SNCActiveXViewer.cab
FF - ProfilePath - c:\documents and settings\mike_n\Application Data\Mozilla\Firefox\Profiles\dyn5tjnu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1179867&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-15 19:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-1202660629-682003330-5147\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-09-15 20:03:32
ComboFix-quarantined-files.txt 2011-09-16 01:03
.
Pre-Run: 19,492,241,408 bytes free
Post-Run: 19,887,071,232 bytes free
.
- - End Of File - - ECA43260275121B1B2F82AF9185F0472

And the MBRCheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0140c00c

Kernel Drivers (total 163):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A7D000 \WINDOWS\system32\KDCOM.DLL
0xF798D000 \WINDOWS\system32\BOOTVID.dll
0xF744E000 ACPI.sys
0xF7A7F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF743D000 pci.sys
0xF757D000 isapnp.sys
0xF7991000 compbatt.sys
0xF7995000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B45000 pciide.sys
0xF77FD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF741F000 pcmcia.sys
0xF758D000 MountMgr.sys
0xF7400000 ftdisk.sys
0xF7A81000 dmload.sys
0xF73DA000 dmio.sys
0xF7805000 PartMgr.sys
0xF7999000 ACPIEC.sys
0xF7B46000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF759D000 VolSnap.sys
0xF73C2000 atapi.sys
0xF7304000 iaStor.sys
0xF75AD000 disk.sys
0xF75BD000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72E4000 fltmgr.sys
0xF72D2000 sr.sys
0xF72BC000 DRVMCDB.SYS
0xF729C000 dwprot.sys
0xF726F000 \WINDOWS\system32\drivers\NDIS.SYS
0xF780D000 \WINDOWS\system32\drivers\TDI.SYS
0xF75CD000 PxHelp20.sys
0xF7258000 KSecDD.sys
0xF7245000 WudfPf.sys
0xF71B8000 Ntfs.sys
0xF719C000 Apsx86.sys
0xF7815000 ApsHM86.sys
0xF7182000 Mup.sys
0xF70A9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF770D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF12E2000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF12CE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78E5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF12AA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78ED000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF1282000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF1257000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF771D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF694F000 \SystemRoot\system32\DRIVERS\tp4track.sys
0xF693F000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF11E6000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF78FD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A61000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7A65000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0xF692F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7905000 \SystemRoot\system32\drivers\iviaspi.sys
0xF7ADF000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF691F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF690F000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF11C3000 \SystemRoot\system32\DRIVERS\ks.sys
0xF790D000 \SystemRoot\system32\DRIVERS\tvtpktfilter.sys
0xF7C2E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF68FF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF1E87000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF11AC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF68EF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF68DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF119B000 \SystemRoot\system32\DRIVERS\psched.sys
0xF68CF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7915000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF791D000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF116B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF68BF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7925000 \SystemRoot\system32\DRIVERS\psadd.sys
0xF792D000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0xF7AE3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF10DF000 \SystemRoot\system32\DRIVERS\update.sys
0xF1E77000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF778D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA700000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AFD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA90FA000 \SystemRoot\system32\drivers\CHDAudN.sys
0xA9090000 \SystemRoot\system32\drivers\portcls.sys
0xA98C6000 \SystemRoot\system32\drivers\drmk.sys
0xA8FBC000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA8ECA000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA8E17000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78D5000 \SystemRoot\System32\Drivers\Modem.SYS
0xA747E000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA51AF000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0xA518D000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
0xA5179000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xF7ABF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B8C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ACB000 \SystemRoot\System32\Drivers\Beep.SYS
0xA93B3000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xA8BAE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA6EA6000 \SystemRoot\System32\drivers\vga.sys
0xF7AE9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B03000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7825000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7885000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA5A36000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA2D28000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA2CCF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA2C94000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xA2C6E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF760D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA2C46000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA2C0E000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xA2BEC000 \SystemRoot\System32\drivers\afd.sys
0xF766D000 \SystemRoot\system32\drivers\ip6fw.sys
0xAA2AC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8D0F000 \??\C:\download\virtual cd drive\VCdRom.sys
0xA99F3000 \SystemRoot\System32\drivers\TSMAPIP.SYS
0xA93C3000 \SystemRoot\System32\drivers\Tppwrif.sys
0xA2B8A000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xA2B68000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF783D000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA2B3D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA2ACD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA6183000 \SystemRoot\System32\Drivers\Fips.SYS
0xA2A6F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA2A51000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA995B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA2993000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA9832000 \SystemRoot\System32\drivers\Dxapi.sys
0xA93F3000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B97000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
0xAA720000 \SystemRoot\system32\DRIVERS\tvtfilter.sys
0xAA6E0000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7C68000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA297D000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA7492000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7B43000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xA93BB000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA2965000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA294F000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA5A2E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA5A26000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA2792000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA2807000 \SystemRoot\system32\DRIVERS\MaVc2K.sys
0xA9A1B000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
0xA26D9000 \SystemRoot\System32\Drivers\HTTP.sys
0xA24A7000 \SystemRoot\system32\DRIVERS\srv.sys
0xA2511000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7ADD000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
0xA234F000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
0xA1733000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110914.004\navex15.sys
0xA171F000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110914.004\naveng.sys
0xA15F2000 \SystemRoot\system32\drivers\wdmaud.sys
0xA1913000 \SystemRoot\system32\drivers\sysaudio.sys
0xA1417000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xA122C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
1236 C:\WINDOWS\system32\smss.exe
1292 csrss.exe
1316 C:\WINDOWS\system32\winlogon.exe
1360 C:\WINDOWS\system32\services.exe
1372 C:\WINDOWS\system32\lsass.exe
1568 C:\WINDOWS\system32\ibmpmsvc.exe
1596 C:\WINDOWS\system32\svchost.exe
1684 svchost.exe
1808 C:\WINDOWS\system32\svchost.exe
1856 C:\WINDOWS\system32\svchost.exe
1948 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
192 svchost.exe
368 svchost.exe
444 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
512 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
676 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
736 C:\WINDOWS\system32\spoolsv.exe
224 svchost.exe
328 C:\WINDOWS\system32\IPSSVC.EXE
324 C:\Program Files\SUPERAntiSpyware\SASCore.exe
460 C:\Program Files\Symantec AntiVirus\DefWatch.exe
908 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1224 C:\WINDOWS\system32\svchost.exe
1296 C:\Program Files\Google\Update\GoogleUpdate.exe
1756 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1944 C:\Program Files\Java\jre6\bin\jqs.exe
2132 C:\Program Files\LG Electronics\LGE LTE Driver\LGVL600SVC.exe
2324 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2400 C:\WINDOWS\system32\svchost.exe
2656 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
2864 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
2896 C:\WINDOWS\system32\TPHDEXLG.exe
2928 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2956 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
2984 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
3028 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
3084 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
3148 C:\Program Files\Lenovo\System Update\SUService.exe
3288 wmpnetwk.exe
3800 unsecapp.exe
3936 alg.exe
3952 wmiprvse.exe
2176 C:\WINDOWS\explorer.exe
2080 C:\PROGRA~1\SYMANT~1\VPTray.exe
3604 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
2296 C:\WINDOWS\system32\TpShocks.exe
3496 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
1468 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2712 C:\Program Files\RAMpage\RAMpage.exe
2372 C:\WINDOWS\system32\igfxpers.exe
2276 C:\WINDOWS\system32\igfxsrvc.exe
3932 C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
2256 C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE
2248 C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
1964 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
2520 C:\Program Files\Symantec AntiVirus\DoScan.exe
2692 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
3684 C:\WINDOWS\system32\hkcmd.exe
3244 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
3592 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3556 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3480 C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
3316 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
696 C:\WINDOWS\system32\ctfmon.exe
1868 C:\WINDOWS\system32\wuauclt.exe
3632 C:\download\MBRcheck\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS542580K9SA00, Rev: BBBZC3HP

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: B68E351C84A33D71CD3E7447306705CAD93F98D7


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Looks like some type of MBR code was found. What led you to think it was potentially MBR?
Thanks again,
Mike

#10 Farbar

Posted 07 October 2011 - 02:44 AM

Hi Mike,

At the start Malwarebytes found those suspicious/infected files but the logs showed no active malware. The TDSSKiller showed a unique MBR. But still I'm not sure as we don't have a positive detection yet. Since you have Windows CD it will be safe to fix MBR but I wanted to see why you are losing connection in normal mode.

Note: You may download MiniToolBox and OTL in Safe Mode with networking but please run both of them in normal mode.

  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @echo off
    c:\windows\MBR.exe -c 0 1 MBR.zip
    echo.&echo. Done!
    echo.
    pause
    

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop.
    • Double-click to run it.
    • The command prompt shows "Done!". Press a key to exit. A file will be made on your desktop (MBR.zip). Please attach it to your next reply.
  • I see some files from Dr.Web but no entry on Add/Remove programs, have you uninstalled it? If not see if you can find the uninstaller in the folder of Dr.Web in the C:\Program Files directory. It could be also here: Start =>All Programs => Dr.Web => Uninstall
    In case you found it, please uninstall it.
  • Boot into Safe Mode with network, boot to your usual account. Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List last 10 Event Viewer log
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Under Output select "Standard Output" checkbox.
    • Set Services, Drivers and Standard Registry to All.
    • Click Run Scan button.
    • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please copy and paste only OTL.txt to your reply:
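
What can be checked in a raw 512-byte MBR dump like the one requested in the post above, as an added example that is not part of the original post or of any tool named in this thread: it validates the 0x55AA signature, parses the partition table, and compares a hash of the bootstrap code against an analyst-supplied allowlist. The sample sector, the function names and the choice to hash the first 440 bytes are assumptions; the thread does not say which bytes MBRCheck hashes or what MBR.exe writes into MBR.zip.

```python
"""Triage a 512-byte MBR dump: boot signature, partition table, boot-code hash."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area; hashing exactly this span is an assumption
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"  # must sit at offsets 510..511


def parse_mbr(sector):
    """Return signature state, boot-code SHA1 and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        off = PART_TABLE_OFF + index * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        status, ptype = entry[0], entry[4]
        # Start LBA and sector count are little-endian 32-bit values at entry offset 8.
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:            # type 0 marks an unused slot
            continue
        partitions.append({
            "index": index,
            "status": status,
            "type": ptype,
            "lba_start": lba_start,
            "sector_count": sector_count,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def assess(sector, known_good_sha1):
    """List reasons the sector deserves a closer look; an empty list means none found."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] not in known_good_sha1:
        # Not proof of infection: vendor recovery loaders also produce unknown hashes.
        findings.append("boot code hash not in allowlist")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X"
                            % (p["index"], p["status"]))
        if p["lba_start"] == 0:
            findings.append("partition %d starts at LBA 0, overlapping the MBR" % p["index"])
    return findings


def build_sample_mbr():
    """Constructed sector (not from the thread): one active NTFS partition at LBA 63."""
    boot_code = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))   # filler, not real code
    disk_sig_and_pad = bytes(6)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 144_000_000)
    table = entry + bytes(PART_ENTRY_LEN * 3)
    return boot_code + disk_sig_and_pad + table + SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print("partition %d type 0x%02X starts at byte offset 0x%X"
              % (p["index"], p["type"], p["byte_offset"]))
    # With an empty allowlist the only finding is the unknown boot-code hash.
    print(assess(sample, known_good_sha1=set()))
```

A partition starting at LBA 63 lands at byte offset 0x7E00, the same offset MBRCheck printed for C: earlier in this thread.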


#11 mnygren

Posted 07 October 2011 - 06:32 AM

Farbar-
Like the minitoolbox, nice job.

I did uninstall Dr Web before, but noticed lingering files and references as well. I have CCleaner that I can run later to clean up if needed.

Thanks again.
Mike

MBAM Quick scan:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7892

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

10/7/2011 5:13:04 AM
mbam-log-2011-10-07 (05-13-04).txt

Scan type: Quick scan
Objects scanned: 210185
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MTB Result.txt

MiniToolBox by Farbar
Ran by mike_n (administrator) on 07-10-2011 at 05:35:57
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : servicetech010

Primary Dns Suffix . . . . . . . : adventsystems.com

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : adventsystems.com

cable.rcn.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : cable.rcn.com

Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet

Physical Address. . . . . . . . . : 00-1E-37-22-73-42

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.105

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::21e:37ff:fe22:7342%4

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 208.59.247.45

208.59.247.46

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Friday, October 07, 2011 5:34:49 AM

Lease Expires . . . . . . . . . . : Saturday, October 08, 2011 5:34:49 AM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : cable.rcn.com

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-69

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.105%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 208.59.247.45

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 208.59.247.45

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 37 22 73 42 ...... Broadcom NetLink ™ Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.105 192.168.1.105 1
192.168.1.0 255.255.255.0 192.168.1.105 192.168.1.105 20
192.168.1.105 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.105 192.168.1.105 20
224.0.0.0 240.0.0.0 192.168.1.105 192.168.1.105 20
255.255.255.255 255.255.255.255 192.168.1.105 192.168.1.105 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/07/2011 05:25:10 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/07/2011 05:25:10 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/07/2011 05:25:08 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/06/2011 09:48:29 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/06/2011 09:14:22 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/06/2011 08:54:03 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/06/2011 07:50:29 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/06/2011 07:50:28 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/06/2011 07:37:50 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/06/2011 07:37:31 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


System errors:
=============
Error: (10/07/2011 05:25:08 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain ADVENTSYSTEMS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (10/07/2011 05:23:33 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/07/2011 05:20:47 AM) (Source: DCOM) (User: mike_n)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/07/2011 05:03:57 AM) (Source: DCOM) (User: mike_n)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/06/2011 09:49:15 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/06/2011 09:15:52 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl
Fips
intelppm
SASDIFSV
SASKUTIL
SAVRT
SAVRTPEL
SPBBCDrv
SYMTDI
TPPWRIF
TSMAPIP

Error: (10/06/2011 09:14:23 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain ADVENTSYSTEMS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (10/06/2011 08:00:51 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (10/06/2011 07:52:06 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (10/06/2011 07:50:29 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain ADVENTSYSTEMS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.


Microsoft Office Sessions:
=========================

**** End of log ****

OTL File
OTL logfile created on: 10/7/2011 5:41:06 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\mike_n\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.35 Mb Total Physical Memory | 239.96 Mb Available Physical Memory | 23.66% Memory free
2.38 Gb Paging File | 1.96 Gb Available in Paging File | 82.13% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.96 Gb Total Space | 22.32 Gb Free Space | 32.36% Space Free | Partition Type: NTFS

Computer Name: SERVICETECH010 | User Name: mike_n | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 05:06:53 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike_n\Desktop\OTL.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/11/12 16:18:08 | 000,144,832 | ---- | M] () -- C:\Program Files\LG Electronics\LGE LTE Driver\LGVL600SVC.exe
PRC - [2009/09/28 18:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 16:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/29 13:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/08/03 19:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/07 05:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/02/02 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/03/04 10:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2001/01/05 22:00:00 | 000,010,784 | ---- | M] () -- C:\Program Files\RAMpage\RAMpage.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/11 17:09:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/11 07:20:52 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/11 07:17:17 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/15 19:24:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/11/12 16:18:08 | 000,144,832 | ---- | M] () -- C:\Program Files\LG Electronics\LGE LTE Driver\LGVL600SVC.exe
MOD - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2007/02/08 15:59:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007/02/08 15:59:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2001/01/05 22:00:00 | 000,010,784 | ---- | M] () -- C:\Program Files\RAMpage\RAMpage.exe


========== Win32 Services (All) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/04 04:52:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/11/12 16:18:08 | 000,144,832 | ---- | M] () [Auto | Running] -- C:\Program Files\LG Electronics\LGE LTE Driver\LGVL600SVC.exe -- (LGE NDIS Connection Service)
SRV - [2010/10/16 13:50:24 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2010/10/16 13:50:24 | 000,136,176 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 16:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/12/23 10:35:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/29 21:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/14 05:42:42 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:42:40 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 05:42:40 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:36 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 05:42:36 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/14 05:42:34 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/14 05:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 05:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:28 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 05:42:26 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/14 05:42:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/14 05:42:16 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 05:42:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/14 05:42:10 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/14 05:42:10 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 05:42:10 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2008/04/14 05:42:10 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:08 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/14 05:42:08 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/14 05:42:08 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/14 05:42:06 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2008/04/14 05:42:06 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:06 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/14 05:42:06 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:04 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2psvc.dll -- (PNRPSvc)
SRV - [2008/04/14 05:42:04 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2psvc.dll -- (p2psvc)
SRV - [2008/04/14 05:42:04 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2psvc.dll -- (p2pimsvc)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 05:42:04 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 05:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 05:42:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 05:41:58 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 05:41:58 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/14 05:41:54 | 000,246,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:41:54 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:41:54 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 05:41:52 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:50 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 05:41:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/14 05:41:50 | 000,100,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\6to4svc.dll -- (6to4)
SRV - [2008/04/14 05:41:50 | 000,017,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2008/04/13 19:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/10/16 21:33:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/08/03 19:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/05/31 05:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 16:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/10/26 17:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 21:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/28 18:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 17:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/14 13:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 07:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PcdrNdisuio)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2011/09/17 15:32:16 | 000,135,032 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2011/08/18 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110914.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110914.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/30 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/30 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/04 09:50:12 | 000,033,408 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEBus.sys -- (LGELTEBus)
DRV - [2010/11/04 09:50:02 | 000,101,888 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEmdm.sys -- (LGELTEmdm)
DRV - [2010/11/04 09:49:48 | 000,038,016 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEMux.sys -- (LGELTEMux)
DRV - [2010/11/04 09:49:36 | 000,045,568 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTENdis.sys -- (LGELTENdis)
DRV - [2010/11/04 09:49:26 | 000,102,784 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEprt.sys -- (LGELTEprt)
DRV - [2010/01/15 15:53:42 | 000,023,152 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2009/09/15 13:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/10 02:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/08/01 08:22:54 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/07/22 08:45:56 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/07/14 10:35:16 | 000,444,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2008/12/23 10:35:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 05:43:24 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/14 05:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 05:43:22 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 05:43:22 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/14 00:58:40 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/14 00:50:44 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/14 00:49:50 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/14 00:49:44 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/14 00:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/14 00:47:20 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/14 00:47:06 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/14 00:47:02 | 000,456,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2008/04/14 00:45:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/14 00:45:46 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 00:45:12 | 000,334,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2008/04/14 00:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 00:44:22 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/14 00:30:20 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/14 00:27:34 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/14 00:27:30 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/14 00:27:28 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/14 00:27:28 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/14 00:27:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/14 00:27:16 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/14 00:27:08 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/14 00:26:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/14 00:26:34 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/14 00:26:04 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/14 00:26:02 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp)
DRV - [2008/04/14 00:26:00 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/14 00:24:30 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/14 00:23:54 | 000,264,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2008/04/14 00:23:36 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:21:26 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/14 00:17:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/14 00:15:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/14 00:15:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/14 00:15:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/14 00:15:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/14 00:15:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/14 00:15:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/14 00:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/14 00:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/14 00:14:50 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 00:14:48 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/14 00:14:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 00:11:24 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\i2omp.sys -- (i2omp)
DRV - [2008/04/14 00:11:24 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/14 00:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 00:11:00 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/14 00:10:50 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/14 00:10:50 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/14 00:10:32 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/14 00:10:30 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/14 00:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/14 00:10:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/14 00:10:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/14 00:10:14 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/14 00:10:12 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/14 00:09:54 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/14 00:09:54 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/14 00:09:52 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/14 00:09:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/14 00:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/14 00:09:48 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/14 00:09:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/14 00:06:54 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/14 00:06:48 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/14 00:06:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/14 00:06:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 00:06:42 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2008/04/14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/14 00:06:40 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys -- (agpCPQ)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\alim1541.sys -- (alim1541)
DRV - [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\agp440.sys -- (agp440)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:06:38 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/14 00:06:38 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/14 00:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/14 00:03:30 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/14 00:03:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/14 00:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/14 00:02:46 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/14 00:02:40 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/14 00:02:40 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/14 00:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 00:01:44 | 000,092,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/04/14 00:01:34 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/14 00:01:32 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 22:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:39:46 | 000,206,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dot4.sys -- (dot4)
DRV - [2008/04/13 13:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 13:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/02/13 23:51:52 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/02/13 23:51:29 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/02/13 23:50:45 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007/12/06 11:22:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/11/29 13:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/16 21:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/10/16 21:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/08/13 15:50:42 | 000,048,853 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamoveu.sys -- (mamoveu)
DRV - [2007/08/08 20:28:50 | 005,765,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/31 05:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/05/22 18:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/01 21:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/04/30 09:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/04/27 02:00:58 | 000,666,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAudN.sys -- (HdAudAddService)
DRV - [2007/03/25 08:43:00 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/03/25 08:43:00 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/25 08:42:00 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/02/12 12:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/08 15:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/01/16 11:44:46 | 000,011,986 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/11/06 03:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/18 20:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/06/19 01:26:00 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/01 06:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/02/02 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/18 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/16 19:13:12 | 000,025,044 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamovem.sys -- (mamovem)
DRV - [2005/06/16 19:11:58 | 000,024,784 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamovec.sys -- (mamovec)
DRV - [2004/08/04 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC)
DRV - [2004/08/04 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/06/24 21:30:18 | 000,727,908 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USA19H2k.sys -- (USA19H)
DRV - [2003/06/24 21:21:20 | 000,044,928 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USA19H2kp.sys -- (USA19H2KP)
DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\download\virtual cd drive\VCdRom.sys -- (vcdrom)
DRV - [2001/08/17 16:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001/08/17 16:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\hpn.sys -- (hpn)
DRV - [2001/08/17 16:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\perc2hib.sys -- (perc2hib)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\perc2.sys -- (perc2)
DRV - [2001/08/17 16:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx)
DRV - [2001/08/17 16:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m)
DRV - [2001/08/17 15:52:50 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1240.sys -- (ql1240)
DRV - [2001/08/17 15:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys -- (Ql10wnt)
DRV - [2001/08/17 15:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac960nt.sys -- (dac960nt)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ini910u.sys -- (ini910u)
DRV - [2001/08/17 15:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/17 15:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys -- (cbidf)
DRV - [2001/08/17 15:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys -- (Cpqarray)
DRV - [2001/08/17 15:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys -- (cd20xrnt)
DRV - [2001/08/17 15:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3350p.sys -- (asc3350p)
DRV - [2001/08/17 15:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amsint.sys -- (amsint)
DRV - [2001/08/17 15:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aha154x.sys -- (Aha154x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS -- (abp480n5)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\toside.sys -- (TosIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/17 14:47:32 | 000,023,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb)
DRV - [2001/08/17 14:47:32 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print)
DRV - [2001/08/17 14:47:32 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dot4scan.sys -- (Dot4Scan)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 07:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-602162358-1202660629-682003330-5147\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-602162358-1202660629-682003330-5147\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-602162358-1202660629-682003330-5147\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-602162358-1202660629-682003330-5147\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-602162358-1202660629-682003330-5147\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-602162358-1202660629-682003330-5147\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-21-602162358-1202660629-682003330-5147\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-602162358-1202660629-682003330-5147\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Mafia Wars Helper Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1179867&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\mike_n\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 00:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/28 01:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 18:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 08:11:54 | 000,000,000 | ---D | M]

[2008/07/13 12:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike_n\Application Data\Mozilla\Extensions
[2008/07/13 12:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike_n\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/10/06 05:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike_n\Application Data\Mozilla\Firefox\Profiles\dyn5tjnu.default\extensions
[2010/01/26 06:59:20 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\mike_n\Application Data\Mozilla\Firefox\Profiles\dyn5tjnu.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/01/05 23:29:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\mike_n\Application Data\Mozilla\Firefox\Profiles\dyn5tjnu.default\extensions\moveplayer@movenetworks.com
[2009/10/06 03:43:00 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\mike_n\Application Data\Mozilla\Firefox\Profiles\dyn5tjnu.default\searchplugins\conduit.xml
[2011/09/06 13:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/29 18:43:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/11/04 08:45:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/13 05:54:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 16:29:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/06 13:54:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIKE_N\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DYN5TJNU.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIKE_N\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DYN5TJNU.DEFAULT\EXTENSIONS\{3E9BB2A7-62CA-4EFA-A4E6-F6F6168A652D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIKE_N\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DYN5TJNU.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIKE_N\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DYN5TJNU.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIKE_N\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DYN5TJNU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/03/28 01:44:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/29 18:43:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/03 14:33:07 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/01/03 14:33:03 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2011/06/06 12:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/09/29 18:43:52 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/07/24 09:18:14 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/09/29 18:43:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/07/24 09:18:14 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/09/29 18:43:52 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/09/29 18:43:52 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/09/29 18:43:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/09/29 18:43:52 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\1.4.30.4\plugin/blackfishietab.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\mike_n\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: AdBlock = C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.31_0\
CHR - Extension: IE Tab = C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\2.7.14.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Browser Button for AdBlock = C:\Documents and Settings\mike_n\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\picdndbpdnapajibahnnogkjofaeooof\0.0.13_0\

O1 HOSTS File: ([2011/09/28 16:31:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-1202660629-682003330-5147\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RAMpage] C:\Program Files\RAMpage\RAMpage.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe ()
O4 - HKU\S-1-5-21-602162358-1202660629-682003330-5147..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-602162358-1202660629-682003330-5147\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1202660629-682003330-5147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-1202660629-682003330-5147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-1202660629-682003330-5147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204306876546 (MUWebControl Class)
O16 - DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} http://10.73.179.208/program/SonyNetworkCameraViewer.cab (Sony Network Camera Viewer Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9F1C0B35-8230-4176-8B99-5C2485121A4E} http://192.168.12.211/program/SNCActiveXViewer.cab (SNCActiveXViewerControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://adventsystems.webex.com/client/T27LB/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adventsystems.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A68F5AC3-AA03-40CE-BE66-B31DA577BBE8}: DhcpNameServer = 208.59.247.45 208.59.247.46
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 05:06:53 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike_n\Desktop\OTL.exe
[2011/09/28 16:36:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/28 16:22:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/25 16:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vision
[2011/09/25 16:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Foundstone
[2011/09/25 16:32:35 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2011/09/24 15:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike_n\Application Data\SUPERAntiSpyware.com
[2011/09/24 15:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/24 15:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/20 22:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/20 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/20 22:25:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/20 21:25:57 | 000,000,000 | ---D | C] -- C:\event logs
[2011/09/20 19:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/19 23:09:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/09/19 22:36:45 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/09/19 22:36:45 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/09/19 22:36:36 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2011/09/19 22:36:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2011/09/19 22:36:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2011/09/19 22:36:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2011/09/19 22:36:32 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011/09/19 22:36:32 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/09/19 22:36:32 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011/09/19 22:36:32 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/09/19 22:36:32 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/09/19 22:36:32 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011/09/19 22:36:32 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011/09/19 22:36:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/09/19 22:36:32 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/09/19 22:36:32 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/09/19 22:36:32 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/09/19 22:36:31 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/09/19 22:36:31 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/09/19 22:36:31 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/09/19 22:36:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/09/19 22:36:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/09/19 22:36:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/09/19 22:36:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/09/19 22:36:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/09/19 22:36:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/09/19 22:36:30 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/09/19 22:36:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/09/19 22:36:30 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2011/09/19 22:36:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/09/19 22:36:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/09/19 22:36:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/09/19 22:36:28 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/09/19 22:36:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/09/19 22:36:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/09/19 22:36:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/09/19 22:36:28 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/09/19 22:36:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/09/19 22:36:27 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2011/09/19 22:36:27 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/09/19 22:36:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/09/19 22:36:27 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/09/19 22:36:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/09/19 22:36:27 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/09/19 22:36:26 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2011/09/19 22:36:26 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2011/09/19 22:36:26 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/09/19 22:36:26 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/09/19 22:36:26 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/09/19 22:36:25 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2011/09/19 22:36:25 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2011/09/19 22:36:25 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/09/19 22:36:25 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/09/19 22:36:25 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/09/19 22:36:25 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/09/19 22:36:25 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/09/19 22:36:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/09/19 22:36:24 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2011/09/19 22:36:23 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2011/09/19 22:36:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/09/19 22:36:22 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2011/09/19 22:33:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/09/19 22:30:22 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2011/09/19 22:30:22 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2011/09/19 22:30:22 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2011/09/19 22:30:22 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2011/09/19 22:30:22 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2011/09/19 22:30:22 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2011/09/19 22:30:22 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2011/09/19 22:30:20 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/09/19 22:30:20 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/09/19 22:30:20 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/09/19 22:30:20 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/09/19 22:30:20 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/09/19 22:30:20 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/09/19 22:30:20 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/09/19 22:30:20 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/09/19 22:30:20 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/09/19 22:30:19 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/09/19 22:30:19 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/09/19 22:30:19 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/09/19 22:30:19 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/09/19 22:30:19 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/09/19 22:30:19 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/09/19 22:30:19 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/09/19 22:30:19 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/09/19 22:30:19 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/09/19 22:30:19 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/09/19 22:30:19 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/09/19 22:30:19 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/09/19 22:30:19 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/09/19 22:30:18 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2011/09/19 22:30:18 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2011/09/19 22:30:18 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2011/09/19 22:30:18 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2011/09/19 22:30:18 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2011/09/19 22:30:18 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2011/09/19 22:30:18 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2011/09/19 22:30:16 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/09/19 22:30:16 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/09/19 22:30:15 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/09/19 22:30:15 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/09/19 22:30:15 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/09/19 22:30:15 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/09/19 22:30:15 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/09/19 22:30:15 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2011/09/19 22:30:15 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2011/09/19 22:30:14 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/09/19 22:30:14 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/09/19 22:30:14 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/09/19 22:30:14 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/09/19 22:30:14 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2011/09/19 22:30:13 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/09/19 22:30:13 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/09/19 22:30:13 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/09/19 22:30:13 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/09/19 22:30:13 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/09/19 22:30:13 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2011/09/19 22:30:13 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/09/19 22:23:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/09/17 15:32:16 | 000,135,032 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2011/09/17 14:29:16 | 000,000,000 | ---D | C] -- C:\superantispyware
[2011/09/17 03:36:02 | 000,000,000 | ---D | C] -- C:\dr-web
[2011/09/16 09:12:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mike_n\Recent
[2011/09/15 19:25:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/15 19:25:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/15 19:25:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/15 19:25:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/15 19:24:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/15 19:17:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/12 21:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike_n\Application Data\Smith Micro
[2011/09/12 09:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike_n\My Documents\SonyNetworkCamera
[2011/09/12 09:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike_n\My Documents\Sony
[2011/09/12 09:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SNC toolbox
[2011/09/08 19:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike_n\My Documents\Dylan School
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/07 05:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/07 05:42:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 05:26:20 | 000,025,406 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2011/10/07 05:25:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2011/10/07 05:24:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/07 05:24:43 | 1063,694,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/07 05:23:29 | 000,000,240 | RHS- | M] () -- C:\boot.ini
[2011/10/07 05:21:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mike_n\Desktop\MBR.zip
[2011/10/07 05:06:53 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike_n\Desktop\OTL.exe
[2011/10/07 05:06:18 | 000,380,805 | ---- | M] () -- C:\Documents and Settings\mike_n\Desktop\MiniToolBox.exe
[2011/10/07 05:03:58 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\mike_n\Desktop\look.bat
[2011/10/06 20:15:17 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1202660629-682003330-5147UA.job
[2011/10/06 20:15:17 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1202660629-682003330-5147Core.job
[2011/10/04 21:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/03 18:44:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/28 22:18:23 | 000,079,282 | ---- | M] () -- C:\ComboFix.zip
[2011/09/28 16:31:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/28 14:40:15 | 000,000,258 | ---- | M] () -- C:\Boot.bak
[2011/09/28 13:54:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\mike_n\defogger_reenable
[2011/09/28 13:54:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\mike_n\Desktop\Defogger.exe
[2011/09/28 06:19:24 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/25 15:25:35 | 000,668,956 | ---- | M] () -- C:\Documents and Settings\mike_n\Desktop\100MEDIA$IMAG0427.jpg
[2011/09/24 15:36:03 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/22 22:14:55 | 000,445,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/22 22:14:54 | 000,073,298 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/21 09:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/09/20 19:37:06 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\mike_n\Desktop\qxdlxb3w.exe
[2011/09/20 03:12:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/19 23:15:34 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\mike_n\Desktop\Command Prompt.lnk
[2011/09/19 23:08:41 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/19 22:29:51 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2011/09/19 22:04:20 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\mike_n\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/19 22:03:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/19 22:03:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/19 19:56:04 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\mike_n\resetlog
[2011/09/19 19:56:00 | 000,003,584 | ---- | M] () -- C:\resetlog
[2011/09/17 15:32:16 | 000,135,032 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2011/09/14 19:12:23 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\mike_n\My Documents\9-14-11 system event log.evt
[2011/09/14 12:49:59 | 000,017,169 | ---- | M] () -- C:\Documents and Settings\mike_n\Desktop\WB5326_sysdrawing.jpg
[2011/09/11 08:42:14 | 000,018,928 | ---- | M] () -- C:\Documents and Settings\mike_n\Desktop\911_flag2.jpg
[2011/09/11 08:30:40 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\mike_n\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/07 05:28:57 | 000,380,805 | ---- | C] () -- C:\Documents and Settings\mike_n\Desktop\MiniToolBox.exe
[2011/10/07 05:24:43 | 1063,694,336 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/07 05:21:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mike_n\Desktop\MBR.zip
[2011/10/07 05:03:58 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\mike_n\Desktop\look.bat
[2011/09/29 06:22:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/28 22:18:23 | 000,079,282 | ---- | C] () -- C:\ComboFix.zip
[2011/09/28 16:22:22 | 000,000,258 | ---- | C] () -- C:\Boot.bak
[2011/09/28 16:22:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/28 13:54:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mike_n\defogger_reenable
[2011/09/28 13:53:59 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\mike_n\Desktop\Defogger.exe
[2011/09/25 15:25:33 | 000,668,956 | ---- | C] () -- C:\Documents and Settings\mike_n\Desktop\100MEDIA$IMAG0427.jpg
[2011/09/24 15:36:03 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/20 21:22:01 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\mike_n\Desktop\qxdlxb3w.exe
[2011/09/19 22:30:19 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/09/19 22:30:18 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/09/19 22:30:15 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/09/19 19:56:04 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\mike_n\resetlog
[2011/09/19 19:56:00 | 000,003,584 | ---- | C] () -- C:\resetlog
[2011/09/15 19:25:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/15 19:25:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/15 19:25:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/15 19:25:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/15 19:25:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/14 20:52:35 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 19:12:23 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\mike_n\My Documents\9-14-11 system event log.evt
[2011/09/14 12:49:55 | 000,017,169 | ---- | C] () -- C:\Documents and Settings\mike_n\Desktop\WB5326_sysdrawing.jpg
[2011/09/11 08:42:12 | 000,018,928 | ---- | C] () -- C:\Documents and Settings\mike_n\Desktop\911_flag2.jpg
[2011/08/26 09:37:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\mike_n\Local Settings\Application Data\PUTTY.RND
[2011/02/23 06:32:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/22 06:48:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2010/05/05 09:58:17 | 000,000,036 | ---- | C] () -- C:\WINDOWS\SonyNetworkCameraViewer.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/28 20:20:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/25 22:01:07 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\mike_n\Local Settings\Application Data\fusioncache.dat
[2009/01/21 18:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/01/21 16:02:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/01/12 10:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2009/01/12 09:20:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2009/01/12 09:11:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2008/12/23 10:33:18 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/12/16 13:43:12 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/16 13:43:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/14 23:32:43 | 000,106,272 | ---- | C] () -- C:\WINDOWS\System32\snmpoids.dll
[2008/06/21 10:04:38 | 000,002,174 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2008/06/21 10:03:59 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/04/06 14:30:39 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\mike_n\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/27 06:11:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2008/03/18 20:10:52 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/18 19:40:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/03/11 22:59:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/02/29 15:18:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\USA19HPropPage.dll
[2008/02/29 15:18:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\k19hinst.dll
[2008/02/14 00:10:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/13 23:48:53 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2008/02/13 23:44:04 | 000,000,325 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/13 23:42:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/02/13 23:42:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/02/13 23:42:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/02/13 23:42:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/02/13 23:42:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/02/13 23:42:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/13 23:35:26 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/02/13 23:35:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2008/02/13 23:31:15 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2008/02/13 23:31:15 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/02/13 23:25:33 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2007/07/27 01:37:40 | 000,025,406 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/07/27 01:37:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/05/10 11:34:13 | 000,006,218 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[2007/01/16 10:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 17:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/30 02:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/30 01:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/30 01:55:55 | 000,445,946 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/30 01:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/30 01:55:55 | 000,073,298 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/30 01:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/30 01:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/30 01:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/30 01:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 01:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/30 01:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/30 01:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/30 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/29 19:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/29 19:03:29 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/21 18:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 18:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 18:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/09/02 14:20:46 | 000,417,896 | ---- | C] () -- C:\WINDOWS\System32\U25IDAutomation.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\mike_n\Desktop\secure.pdf:SummaryInformation

< End of report >

Attached Files

  • Attached File  MBR.zip   512bytes   3 downloads


#12 Farbar

Posted 07 October 2011 - 07:50 AM

Glad you like the tool, Mike. :)

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached enormous dimensions, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions

The MBR is unique but it doesn't contain any known infection. We leave it alone for the moment and concentrate on the connection issue.

  • Please open OTL.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      :otl
      DRV - [2011/09/17 15:32:16 | 000,135,032 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
      FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1179867&SearchSource=3&q={searchTerms}"
      [2009/10/06 03:43:00 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\mike_n\Application Data\Mozilla\Firefox\Profiles\dyn5tjnu.default\searchplugins\conduit.xml
      O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      
      :commands
      [emptytemp]
      
    • Click Run Fix button.
    • If the fix needed a reboot please do it.
    • After it has finished, a log will open. Copy and paste the log to your reply.
  • OTL should need a reboot; if not, please reboot anyway and test the connection. If the issue is not resolved, move to the next step.
  • Go to Add/Remove programs and uninstall the following (you need to install Symantec again after getting connected in normal mode):

    SUPERAntiSpyware
    Spybot - Search & Destroy
    Symantec AntiVirus
    LiveUpdate 3.1 (Symantec Corporation)

  • Reboot and test the connection and tell me about it.


#13 mnygren

Posted 07 October 2011 - 05:23 PM

Farbar-
By p2p do you mean bittorrent?

I ran the OTL script while in safe mode with networking. It rebooted, but did not provide a log. I changed boot mode to normal and rebooted, then it ran the rest of OTL and created a log file. Hopefully running it first in safe mode won't make a difference. Here's the log:
All processes killed
========== OTL ==========
Error: Unable to stop service DwProt!
Unable to delete service\driver key DwProt.
File move failed. C:\WINDOWS\system32\drivers\dwprot.sys scheduled to be moved on reboot.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1179867&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
C:\Documents and Settings\mike_n\Application Data\Mozilla\Firefox\Profiles\dyn5tjnu.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12533597 bytes
->Flash cache emptied: 405 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: joseph_l
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 13425527 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112094 bytes

User: mike_n
->Temp folder emptied: 82491604 bytes
->Temporary Internet Files folder emptied: 13397808 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 173060450 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1584679 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 450075 bytes
%systemroot%\System32 .tmp files removed: 4756 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 283.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10072011_170201

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\dwprot.sys scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\05dbee07 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\07211c5e scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\0ae93d70 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\0bfa2d5e scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\0cc859a0 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\0f602a11 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\0f7898ff scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\108836a6 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\11c5ac45 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\11e52071 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\160fb61f scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\17e01be4 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\18b761e1 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\1a7a71a2 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\1c681ce1 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\20fe1099 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\24abb97b scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\2575ed5d scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\27381f69 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\27d2f800 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\2d070090 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\2d8a88ef scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\2dfe7dc3 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\2fd02d54 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\30fcb344 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\31cb93f8 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\347ca1fd scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\35c69a5c scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\38764232 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\3df8ad2d scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\415110ca scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\438d8efb scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\45b95554 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\45c17991 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\478283af scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\486f4e29 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\4aff28b6 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\4b6f096f scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\4be98c0b scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\4da3f1af scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\4dabd838 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\4dbc1b65 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\4e45a44d scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\4f713614 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\50477308 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\52a0b203 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\5382be3b scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\54ec19c4 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\55e8a96b scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\56cc8d7d scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\58e09779 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\5d257100 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\644efa5f scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\66a83036 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\678b49e6 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\69d4bc5a scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\6a48f5fe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\6bb3980a scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\6caff12b scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\6ffffbc4 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\71941308 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\7300d9f1 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\74f13f38 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\76a28fc2 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\7c5d3ba4 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\7c9223fe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\7dc3871a scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\85052903 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\871adc75 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\88bd731a scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\8b96d4d8 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\8fd66ce5 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\91bb02f2 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\9214a2ec scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\92b36d48 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\9406d8f4 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\97c0f05e scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\97e70b9d scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\9b55d19c scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\9c46b5b8 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\9fa783c7 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\a2d52_xp.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\a3091a38 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\a371c8a6 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\a3c6bb34 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\a4d9d7d9 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\a561047a scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\a5782334 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\a60e9cb6 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\a7643a43 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\a9940a9e scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\aa9ab0a6 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\ad765e11 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I tried to ping host names, no go. Should I have run this in normal mode? I will wait to perform the removal of software if I should run this in normal mode.

Thanks, Mike

#14 Farbar


Posted 07 October 2011 - 05:33 PM

Yes, by p2p I meant bittorrent.

OTL doesn't confirm removing the leftover service of Doctor Web. Please run the fix once more, this time in normal mode; when a reboot is needed, please reboot to normal mode. Please post the log.
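The check described in the reply above (whether the fix log confirms that the leftover service is gone) can be scripted. This is an added example, not part of the thread and not OTL's own code; the sample lines are copied from the OTL logs posted in this thread and abridged, and pairing a driver file with a service by file name is an assumption.

```python
import ntpath  # Windows path rules, works on any OS
import re
from collections import Counter

# Line shapes as they appear in the OTL fix logs quoted in this thread.
PATTERNS = [
    ("service_stop_failed",
     re.compile(r"^Error: Unable to stop service (?P<name>\S+?)!$")),
    ("service_key_delete_failed",
     re.compile(r"^Unable to delete service\\driver key (?P<name>\S+?)\.$")),
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("not_found",
     re.compile(r"^(?:Registry (?:key|value)|File) (?P<target>.+) not found\.$")),
]

# Sample input: lines copied from the thread's log, abridged.
SAMPLE_LOG = r"""========== OTL ==========
Error: Unable to stop service DwProt!
Unable to delete service\driver key DwProt.
File move failed. C:\WINDOWS\system32\drivers\dwprot.sys scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\setup.key scheduled to be moved on reboot.
"""


def classify(line):
    """Return (kind, fields) for one log line; unknown shapes are 'other'."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return kind, m.groupdict()
    return "other", {}


def summarize(log_text):
    """Count line kinds and collapse pending-reboot files into per-folder totals."""
    counts = Counter()
    pending_dirs = Counter()
    for line in log_text.splitlines():
        kind, fields = classify(line)
        counts[kind] += 1
        if kind == "pending_reboot":
            pending_dirs[ntpath.dirname(fields["path"])] += 1
    return counts, pending_dirs


def service_leftovers(log_text, service):
    """List the lines showing that `service` was NOT confirmed removed.

    Assumption: a pending-reboot file whose name (without extension)
    equals the service name is that service's driver, as with
    dwprot.sys and DwProt in this thread.
    """
    wanted = service.lower()
    hits = []
    for line in log_text.splitlines():
        kind, fields = classify(line)
        if kind in ("service_stop_failed", "service_key_delete_failed"):
            if fields["name"].lower() == wanted:
                hits.append((kind, fields["name"]))
        elif kind == "pending_reboot":
            stem = ntpath.splitext(ntpath.basename(fields["path"]))[0]
            if stem.lower() == wanted:
                hits.append((kind, fields["path"]))
    return hits


if __name__ == "__main__":
    counts, pending_dirs = summarize(SAMPLE_LOG)
    print("line kinds:", dict(counts))
    for folder, n in pending_dirs.most_common():
        print(f"{n:4d} pending-reboot file(s) in {folder}")
    for kind, detail in service_leftovers(SAMPLE_LOG, "DwProt"):
        print("unresolved:", kind, detail)
```

An empty result from `service_leftovers` only means the log reports no failure for that service; the log taken after the reboot still has to be read to see whether the scheduled move actually happened.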

#15 mnygren


Posted 07 October 2011 - 06:20 PM

Ok, here's the log after running and rebooting, all in normal mode.
All processes killed
========== OTL ==========
Error: Unable to stop service DwProt!
Unable to delete service\driver key DwProt.
File move failed. C:\WINDOWS\system32\drivers\dwprot.sys scheduled to be moved on reboot.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1179867&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
File C:\Documents and Settings\mike_n\Application Data\Mozilla\Firefox\Profiles\dyn5tjnu.default\searchplugins\conduit.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: joseph_l
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mike_n
->Temp folder emptied: 81391070 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12590919 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 90.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10072011_175624

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\dwprot.sys scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\cn-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\cs-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\d0a0eabd scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\d413cc79 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\d4543729 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\d4c8c344 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\d704e7f7 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\d86c4e32 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\d95f7aa0 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\dd920ce8 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\de-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\dfca4164 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\e3fa5d3c scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\e63686dc scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\e7378952 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\e74aac.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\e74aac.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\e8c39e72 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\ea234463 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\ea7956a9 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\eb8974f2 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\ee5d2338 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\efbeeb36 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\el-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\en-scan.chm scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\eo-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\es-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\et-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\f115ab7d scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\f296b654 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\f5b4721e scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\f60e85b7 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\f6548b37 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\f7dd48cd scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\fa42e3a4 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\fbea24e8 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\fd9b9614 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\fdb53b7b scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\fr-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\hu-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\it-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\ja-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\ko-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\lt-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\lv-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\nl-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\no-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\pl-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\pt-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\ru-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\ru-scan.chm scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\setup.dll scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\setup.key scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\setup_xp.ini scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\sk-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\sr-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\tr-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\uk-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\uz-scan scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\mike_n\Local Settings\Temp\60A44312-5C9AA76-FE42B1DF-788AD248\zh-scan scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\mike_n\Local Settings\Temp\TMPB.tmp not found!

Registry entries deleted on Reboot...


Still looks like it may have missed drweb.

Also, not sure if this is related, but I checked the security event log after running the first time. I've gotten this in the past and was curious as to why Windows Firewall would block the process 184 DNScache. It tries numerous UDP ports, but I just listed one. I can include the saved event log file if you like.

10/7/2011 5:36:03 PM Security Failure Audit Detailed Tracking 861 NT AUTHORITY\NETWORK SERVICE SERVICETECH010 The Windows Firewall has detected an application listening for incoming traffic.

I don't want to sidetrack, but I didn't see this listed in minitoolbox and was "just curious". I have another question as well, but don't want to sidetrack what we are doing.
Mike

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 184
User account: NETWORK SERVICE
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 58742
Allowed: No
User notified: No



