Rootkit Zero Access


  • This topic is locked
21 replies to this topic

#1 gottavirus

gottavirus

  • Members
  • 12 posts

Posted 02 October 2011 - 03:55 PM

Last week a virus redirected my Google searches. I ran Combofix which removed a fake NT$uninstall directory that was responsible. Everything seemed fine for about a week when I got one of those fake security popups saying I had a virus and needed to run a scan with a link provided in the popup. I decided to run Combofix again. It said I had rootkit zero access, and that it was in my tcpip settings (or something like that). After Combofix did its thing, the popup virus was gone, however I was unable to connect to the internet (network connection says limited or no connectivity). I see that Combofix saved some of my registry tcpip settings in a quarantine file but didn't remove them from the registry. Anyway, at this point I'm not exactly sure if I still have a virus that is preventing internet access, or if perhaps Combofix did something undesirable while it was removing the popup virus. I've followed the directions given here and run both dds.scr and gmer.exe and attached the log files. Any ideas would be appreciated.


#2 gottavirus


Posted 04 October 2011 - 08:21 PM

As a followup to the above, I discovered that something is preventing the AFD network support environment service from starting at bootup. I've tried to manually start AFD in device manager but it gives error message saying "The system encountered the following error while attempting to start the service: the filename, directory name or volume label syntax is incorrect". I've checked and see that the file is present in windows/system32/drivers and the dllcache, so the file is there. I've also checked the registry key HKLM\system\currentcontrolset\services\afd and verified the image path is correct, it is: \systemroot\system32\drivers\afd.sys. BTW, I also took a look at HKLM\system\currentcontrolset\enum\root\LEGACY_AFD\0000\Control, and have noticed there is no ActiveService entry, and whenever I add one, it seems to disappear anytime I try to start the AFD service, almost makes me think something is overriding my changes to that key (a virus??). Not sure what else I might try, perhaps it's time to give up and reinstall windows.

#3 gottavirus


Posted 06 October 2011 - 07:35 PM

More troubleshooting, I found that I can delete the registry keys for the AFD service and legacy/root, and remove the service entirely from Device Manager. Then I can reload the registry keys for both and re-scan Device Manager, and lo and behold the AFD service is running! Seemed like a good result, but as soon as I try to connect to the internet (or even check my LAN status), the service is killed! Whaaa! When that happens a new value InitStartFailed=1 is created in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD just to let me know something failed. But it doesn't give me a clue what might have caused this, and when I attempt a restart in Device Manager it gives me the same unhelpful message: "The system encountered the following error while attempting to start the service: the filename, directory name or volume label syntax is incorrect". But obviously this message isn't telling much because as I indicated I am able to get the service running with the registry deletion and reload above, so I know there isn't a missing or wrong filename problem, at least not a real one, could be a virus creates a false path when I attempt to use the LAN. Oh joy!
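The ImagePath check described in posts #2 and #3, as an added example that is not part of the original thread: it resolves the forms a driver's ImagePath value can take to a Win32 path and flags values whose syntax alone is invalid. Only the AFD value comes from the posts; the other service names, the helper names and the default Windows directory `C:\WINDOWS` are assumptions made for illustration.

```python
import ntpath
import re

# Win32 error behind the message quoted in the posts:
# "The filename, directory name, or volume label syntax is incorrect."
ERROR_INVALID_NAME = 123

# Characters a Win32 file or directory name can never contain.
BAD_CHARS = re.compile(r'[<>"|?*\x00-\x1f]')

NT_PREFIX = "\\??\\"                  # NT object-manager form: \??\C:\...
SYSROOT_PREFIX = "\\systemroot\\"     # \SystemRoot\system32\...
ENV_PREFIX = "%systemroot%\\"         # unexpanded REG_EXPAND_SZ value


def resolve_image_path(service, image_path, system_root=r"C:\WINDOWS"):
    """Map a driver's ImagePath registry value to the Win32 path it names.

    Returns None for a form this example does not recognise.
    """
    value = (image_path or "").strip()
    if not value:
        # A driver without ImagePath loads from System32\Drivers\<service>.sys.
        return ntpath.join(system_root, "System32", "Drivers", service + ".sys")
    lowered = value.lower()
    if lowered.startswith(NT_PREFIX):
        return value[len(NT_PREFIX):]
    if lowered.startswith(SYSROOT_PREFIX):
        return ntpath.join(system_root, value[len(SYSROOT_PREFIX):])
    if lowered.startswith(ENV_PREFIX):
        return ntpath.join(system_root, value[len(ENV_PREFIX):])
    if value.startswith("\\"):
        return None                              # some other NT namespace prefix
    if ntpath.splitdrive(value)[0]:
        return value                             # already a drive-letter path
    return ntpath.join(system_root, value)       # relative to the Windows directory


def syntax_problems(win32_path):
    """Return the naming-rule violations found in a resolved path."""
    drive, rest = ntpath.splitdrive(win32_path)
    problems = []
    if not re.fullmatch(r"[A-Za-z]:", drive):
        problems.append("no drive letter")
    for part in rest.split("\\"):
        if BAD_CHARS.search(part):
            problems.append("illegal character in %r" % part)
    return problems


def audit(services, system_root=r"C:\WINDOWS", exists=None):
    """Check {service: ImagePath}; return {service: [issues]} for failures.

    `exists` is an optional callable (os.path.exists on a live host) used to
    confirm that a syntactically valid path points at a real file.
    """
    findings = {}
    for name, image_path in services.items():
        path = resolve_image_path(name, image_path, system_root)
        if path is None:
            findings[name] = ["unrecognised ImagePath form: %r" % image_path]
            continue
        issues = syntax_problems(path)
        if not issues and exists is not None and not exists(path):
            issues.append("file not found: " + path)
        if issues:
            findings[name] = issues
    return findings


# Sample input: the AFD value is the one quoted in post #2, the rest is constructed.
SAMPLE = {
    "AFD": r"\systemroot\system32\drivers\afd.sys",
    "ExampleRelative": r"system32\drivers\example.sys",
    "ExampleNoPath": "",
    "ExampleBad": r"\SystemRoot\system32\drivers\exa*mple.sys",
    "ExampleOdd": r"\Device\Example\example.sys",
}

if __name__ == "__main__":
    for service, issues in sorted(audit(SAMPLE).items()):
        print(service, "->", "; ".join(issues))
```

On a live host the dictionary would be filled from the ImagePath values under HKLM\SYSTEM\CurrentControlSet\Services and `exists` set to `os.path.exists`.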

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • Gender:Male

Posted 07 October 2011 - 04:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421607 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 gottavirus


Posted 07 October 2011 - 07:36 PM

Hello,

I've run DDS and attached the results below. I tried to run GMER but get an error saying "LoadDriver(".\pgdyapob.sys") error 0xC000003A: Cannot create a stable subkey under a volatile parent key". I'm not sure what this means. Note that when I double click gmer.exe, it put a copy of pgdyapob.sys on the desktop, which I'm not sure is correct?? I've attached a screen capture of the error. Also, the gmer screen does come up when I click "OK" to the error, however it doesn't allow selection of anything except Services, Registry and Files, unlike the example shown where everything is selected except IAT/EAT (all the other options are greyed out). I've also put a screen capture of this in the powerpoint file. Anyway, I did run the scan with the choices I could select (even though I wasn't sure it would give valid results since the .sys file didn't load) and it does report one registry value. Let me know how to proceed. Thanks!

Dan

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dan at 18:14:36 on 2011-10-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.684 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = file:///C:/Documents%20and%20Settings/Dan/AAA/a/My%20homeboy%20page/camera_homepage/camera_links.html
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uInternet Settings,ProxyServer = 190.26.253.233:80
uInternet Settings,ProxyOverride = <local>
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\documents and settings\dan\dans programs\yahoo\companion\installs\cpn\yt.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-explorer: EditLevel = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: bestplaces.net\www
Trusted Zone: ecustomersupport.com\tmobile
Trusted Zone: google.com\earth
Trusted Zone: microsoft.com\office
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {51A1CDAB-573D-45A4-B69F-B44791DFF60A} - hxxp://brevardpropertyappraiser.com/picto/include/PictImageCtrl30.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 172.27.35.1
TCP: Interfaces\{790764C6-AA7D-44FE-99BD-46B91C7E3942} : DhcpNameServer = 172.27.35.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2003-1-11 9344]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2003-7-24 4064]
R2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [2003-7-24 85868]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2003-7-24 115136]
S2 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S2 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 !SASCORE;SAS Core Service;"f:\dan\superantispyware\sascore.exe" --> f:\dan\superantispyware\SASCORE.EXE [?]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2003-1-11 448640]
S4 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-10-2 67584]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== File Associations ===============
.
.scr=Icad.load.scr
.
=============== Created Last 30 ================
.
2011-10-07 22:13:53 607260 ------r- c:\windows\dds.exe
2011-10-06 20:48:59 -------- d-----w- c:\documents and settings\dan\local settings\application data\Help
2011-10-04 21:26:44 38400 ----a-w- c:\windows\system32\pchsvc.dll
2011-10-04 21:26:44 35328 ----a-w- c:\windows\system32\iprip.dll
2011-10-04 21:26:44 35328 ----a-w- c:\windows\system32\dllcache\iprip.dll
2011-10-04 21:25:42 -------- d-sh--w- c:\documents and settings\all users\application data\KRSHistory
2011-10-04 16:35:43 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-04 16:35:43 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-03 02:51:52 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-03 02:51:52 138496 ----a-w- c:\windows\system32\dllcache\afd.sys
2011-10-02 16:26:17 -------- d-----w- c:\program files\Cobian Backup 10
2011-10-02 15:07:22 388096 ------r- c:\documents and settings\dan\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-02 15:07:21 -------- d-----w- c:\program files\Trend Micro
2011-09-30 18:30:53 22216 ------w- c:\windows\system32\drivers\mbam.sys
2011-09-30 18:30:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-22 13:43:57 -------- d-----w- c:\documents and settings\dan\application data\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ------w- c:\windows\system32\crypt32.dll
2011-08-28 13:23:11 404640 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 18:15:00.59 ===============


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 08 October 2011 - 06:20 AM

Hi gottavirus,

Apologies for the delay.

Seems you have no antivirus protection. You need to install one after you get connected.

  • Go to Add/Remove Programs and uninstall the following leftovers:
    LiveReg (Symantec Corporation)
    LiveUpdate 1.7 (Symantec Corporation)
    AVG 8.5

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
  • I need to see the ComboFix.txt from the first run. Please attach all the ComboFix logs that are at C:\Qoobox\combofixX.txt where X is a number.
    Also attach the last ComboFix log, which is here: C:\ComboFix.txt
  • We need to scan the system with this special tool.
    • Please download Junction.zip and save it.
      Unzip it and put junction.exe in the Windows directory (C:\Windows). No need to run it.
    • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

      cmd /c junction -s c:\ >log.txt&log.txt

      If you are typing the command, make sure there is a space after cmd and /c and junction and -s.
      A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.
  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#7 gottavirus


Posted 08 October 2011 - 10:06 AM

Hello,

Thanks for your help. Here are the results:

1. I've removed all 3 leftover programs using Add/Remove
2. Minitoolbox results below.
3. 3 Combofix logs below, 1 from 9/22 redirect virus, 2 from latest fake security scan virus
4. Junction log below (didn't seem to find anything or fully work?)
5. TDSSkiller log (didn't seem to find anything)

MiniToolBox by Farbar
Ran by Dan (administrator) on 08-10-2011 at 09:15:47
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 190.26.253.233:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "DannosLAC4"

set address name="DannosLAC4" source=dhcp
set dns name="DannosLAC4" source=dhcp register=PRIMARY
set wins name="DannosLAC4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : D61V6421

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter DannosLAC4:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 M Network Connection

Physical Address. . . . . . . . . : 00-07-E9-C7-25-08

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 07 e9 c7 25 08 ...... Intel® PRO/100 M Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 10003 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/06/2011 08:28:06 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.


System errors:
=============
Error: (10/08/2011 09:12:44 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%123

Error: (10/08/2011 09:12:44 AM) (Source: Service Control Manager) (User: )
Description: The AFD Networking Support Environment service failed to start due to the following error:
%%123

Error: (10/08/2011 09:12:06 AM) (Source: DCOM) (User: Dan)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (10/08/2011 09:11:36 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952450

Error: (10/08/2011 09:00:55 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%123

Error: (10/08/2011 09:00:55 AM) (Source: Service Control Manager) (User: )
Description: The AFD Networking Support Environment service failed to start due to the following error:
%%123

Error: (10/08/2011 09:00:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV

Error: (10/08/2011 09:00:41 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%10050

Error: (10/08/2011 09:00:41 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952450

Error: (10/08/2011 09:00:41 AM) (Source: Service Control Manager) (User: )
Description: The SASKUTIL service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/06/2011 08:28:06 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BA


**** End of log ****
==============================================================


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.





...No reparse points found.

=======================================================
10:49:39.0421 1500 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
10:49:39.0468 1500 ============================================================
10:49:39.0468 1500 Current date / time: 2011/10/08 10:49:39.0468
10:49:39.0468 1500 SystemInfo:
10:49:39.0468 1500
10:49:39.0468 1500 OS Version: 5.1.2600 ServicePack: 3.0
10:49:39.0468 1500 Product type: Workstation
10:49:39.0468 1500 ComputerName: D61V6421
10:49:39.0468 1500 UserName: Dan
10:49:39.0468 1500 Windows directory: C:\WINDOWS
10:49:39.0468 1500 System windows directory: C:\WINDOWS
10:49:39.0468 1500 Processor architecture: Intel x86
10:49:39.0468 1500 Number of processors: 1
10:49:39.0468 1500 Page size: 0x1000
10:49:39.0468 1500 Boot type: Normal boot
10:49:39.0468 1500 ============================================================
10:49:40.0750 1500 Initialize success
10:49:53.0921 1520 ============================================================
10:49:53.0921 1520 Scan started
10:49:53.0921 1520 Mode: Manual;
10:49:53.0921 1520 ============================================================
10:49:54.0421 1520 Abiosdsk - ok
10:49:54.0515 1520 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
10:49:54.0515 1520 abp480n5 - ok
10:49:54.0703 1520 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
10:49:54.0703 1520 ac97intc - ok
10:49:54.0875 1520 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:49:54.0875 1520 ACPI - ok
10:49:55.0031 1520 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:49:55.0031 1520 ACPIEC - ok
10:49:55.0187 1520 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
10:49:55.0187 1520 adpu160m - ok
10:49:55.0343 1520 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
10:49:55.0343 1520 aeaudio - ok
10:49:55.0468 1520 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:49:55.0468 1520 aec - ok
10:49:55.0640 1520 AFD (8d499b1276012eb907e7a9e0f4d8fda4) C:\WINDOWS\System32\drivers\afd.sys
10:49:55.0640 1520 AFD - ok
10:49:55.0796 1520 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:49:55.0796 1520 agp440 - ok
10:49:55.0984 1520 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
10:49:55.0984 1520 agpCPQ - ok
10:49:56.0140 1520 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
10:49:56.0140 1520 Aha154x - ok
10:49:56.0296 1520 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
10:49:56.0296 1520 aic78u2 - ok
10:49:56.0453 1520 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
10:49:56.0453 1520 aic78xx - ok
10:49:56.0640 1520 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
10:49:56.0640 1520 AliIde - ok
10:49:56.0765 1520 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
10:49:56.0765 1520 alim1541 - ok
10:49:56.0890 1520 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
10:49:56.0890 1520 amdagp - ok
10:49:57.0046 1520 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
10:49:57.0046 1520 amsint - ok
10:49:57.0203 1520 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
10:49:57.0203 1520 asc - ok
10:49:57.0343 1520 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
10:49:57.0343 1520 asc3350p - ok
10:49:57.0484 1520 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
10:49:57.0484 1520 asc3550 - ok
10:49:57.0656 1520 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:49:57.0656 1520 AsyncMac - ok
10:49:57.0812 1520 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:49:57.0828 1520 atapi - ok
10:49:57.0953 1520 Atdisk - ok
10:49:58.0093 1520 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:49:58.0093 1520 Atmarpc - ok
10:49:58.0218 1520 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
10:49:58.0218 1520 ATMhelpr - ok
10:49:58.0375 1520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:49:58.0375 1520 audstub - ok
10:49:58.0484 1520 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
10:49:58.0484 1520 basic2 - ok
10:49:58.0593 1520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:49:58.0593 1520 Beep - ok
10:49:58.0812 1520 BsStor (d6d0f3860f022a12e888965f8237cbd9) C:\WINDOWS\system32\DRIVERS\bsstor.sys
10:49:58.0812 1520 BsStor - ok
10:49:58.0937 1520 BsUDF (6c8f8def60b321e5683dc822ae97d222) C:\WINDOWS\system32\drivers\BsUDF.sys
10:49:58.0953 1520 BsUDF - ok
10:49:59.0078 1520 bvrp_pci - ok
10:49:59.0187 1520 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
10:49:59.0187 1520 cbidf - ok
10:49:59.0312 1520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:49:59.0312 1520 cbidf2k - ok
10:49:59.0453 1520 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:49:59.0453 1520 CCDECODE - ok
10:49:59.0593 1520 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
10:49:59.0593 1520 cd20xrnt - ok
10:49:59.0734 1520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:49:59.0734 1520 Cdaudio - ok
10:49:59.0859 1520 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:49:59.0859 1520 Cdfs - ok
10:50:00.0031 1520 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:50:00.0031 1520 Cdrom - ok
10:50:00.0171 1520 Changer - ok
10:50:00.0343 1520 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
10:50:00.0343 1520 CmdIde - ok
10:50:00.0500 1520 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
10:50:00.0500 1520 Cpqarray - ok
10:50:00.0656 1520 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
10:50:00.0656 1520 dac2w2k - ok
10:50:00.0828 1520 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
10:50:00.0828 1520 dac960nt - ok
10:50:00.0937 1520 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:50:00.0937 1520 Disk - ok
10:50:01.0109 1520 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:50:01.0140 1520 dmboot - ok
10:50:01.0312 1520 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:50:01.0328 1520 dmio - ok
10:50:01.0484 1520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:50:01.0484 1520 dmload - ok
10:50:01.0656 1520 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:50:01.0656 1520 DMusic - ok
10:50:01.0843 1520 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
10:50:01.0843 1520 dpti2o - ok
10:50:01.0984 1520 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:50:01.0984 1520 drmkaud - ok
10:50:02.0125 1520 E100B (56ab585a307909c4447d5900a10c6bc7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:50:02.0125 1520 E100B - ok
10:50:02.0312 1520 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
10:50:02.0312 1520 EL90XBC - ok
10:50:02.0500 1520 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
10:50:02.0531 1520 Fallback - ok
10:50:02.0687 1520 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:50:02.0687 1520 Fastfat - ok
10:50:02.0859 1520 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:50:02.0859 1520 Fdc - ok
10:50:03.0000 1520 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:50:03.0000 1520 Fips - ok
10:50:03.0125 1520 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:50:03.0125 1520 Flpydisk - ok
10:50:03.0250 1520 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:50:03.0250 1520 FltMgr - ok
10:50:03.0421 1520 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
10:50:03.0421 1520 Fsks - ok
10:50:03.0593 1520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:50:03.0593 1520 Fs_Rec - ok
10:50:03.0734 1520 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:50:03.0734 1520 Ftdisk - ok
10:50:03.0890 1520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:50:03.0890 1520 Gpc - ok
10:50:04.0046 1520 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:50:04.0046 1520 HidUsb - ok
10:50:04.0187 1520 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
10:50:04.0187 1520 hpn - ok
10:50:04.0328 1520 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:50:04.0343 1520 HPZid412 - ok
10:50:04.0484 1520 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:50:04.0484 1520 HPZipr12 - ok
10:50:04.0609 1520 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:50:04.0609 1520 HPZius12 - ok
10:50:04.0765 1520 HSFHWBS2 (95b894b508db03507b61fe213ef6fe19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
10:50:04.0765 1520 HSFHWBS2 - ok
10:50:04.0984 1520 HSF_DP (f66402179ca2b2ae68493103db5fa48c) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
10:50:05.0000 1520 HSF_DP - ok
10:50:05.0203 1520 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
10:50:05.0234 1520 hsf_msft - ok
10:50:05.0375 1520 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:50:05.0390 1520 HTTP - ok
10:50:05.0593 1520 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:50:05.0593 1520 i2omgmt - ok
10:50:05.0750 1520 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
10:50:05.0750 1520 i2omp - ok
10:50:05.0890 1520 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:50:05.0890 1520 i8042prt - ok
10:50:06.0000 1520 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
10:50:06.0000 1520 i81x - ok
10:50:06.0125 1520 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
10:50:06.0125 1520 iAimFP0 - ok
10:50:06.0265 1520 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
10:50:06.0265 1520 iAimFP1 - ok
10:50:06.0390 1520 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
10:50:06.0390 1520 iAimFP2 - ok
10:50:06.0562 1520 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
10:50:06.0562 1520 iAimFP3 - ok
10:50:06.0671 1520 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
10:50:06.0671 1520 iAimFP4 - ok
10:50:06.0812 1520 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
10:50:06.0812 1520 iAimTV0 - ok
10:50:06.0968 1520 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
10:50:06.0968 1520 iAimTV1 - ok
10:50:07.0078 1520 iAimTV2 - ok
10:50:07.0187 1520 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
10:50:07.0203 1520 iAimTV3 - ok
10:50:07.0328 1520 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
10:50:07.0328 1520 iAimTV4 - ok
10:50:07.0468 1520 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:50:07.0468 1520 Imapi - ok
10:50:07.0609 1520 incdrm (6f05034230ad665b8ad80214a3a9bc57) C:\WINDOWS\system32\drivers\incdrm.sys
10:50:07.0609 1520 incdrm - ok
10:50:07.0796 1520 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
10:50:07.0796 1520 ini910u - ok
10:50:07.0921 1520 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:50:07.0921 1520 IntelIde - ok
10:50:08.0046 1520 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:50:08.0046 1520 intelppm - ok
10:50:08.0171 1520 iomdisk (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
10:50:08.0171 1520 iomdisk - ok
10:50:08.0312 1520 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:50:08.0328 1520 Ip6Fw - ok
10:50:08.0421 1520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:50:08.0437 1520 IpFilterDriver - ok
10:50:08.0578 1520 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:50:08.0578 1520 IpInIp - ok
10:50:08.0734 1520 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:50:08.0750 1520 IpNat - ok
10:50:08.0875 1520 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:50:08.0875 1520 IPSec - ok
10:50:09.0000 1520 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:50:09.0000 1520 IRENUM - ok
10:50:09.0140 1520 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:50:09.0140 1520 isapnp - ok
10:50:09.0296 1520 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
10:50:09.0328 1520 K56 - ok
10:50:09.0500 1520 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:50:09.0500 1520 Kbdclass - ok
10:50:09.0671 1520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:50:09.0671 1520 kmixer - ok
10:50:09.0859 1520 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:50:09.0859 1520 KSecDD - ok
10:50:09.0984 1520 lbrtfdc - ok
10:50:10.0125 1520 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:50:10.0125 1520 mdmxsdk - ok
10:50:10.0281 1520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:50:10.0281 1520 mnmdd - ok
10:50:10.0437 1520 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:50:10.0437 1520 Modem - ok
10:50:10.0593 1520 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:50:10.0593 1520 MODEMCSA - ok
10:50:10.0734 1520 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:50:10.0734 1520 Mouclass - ok
10:50:10.0843 1520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:50:10.0859 1520 mouhid - ok
10:50:11.0031 1520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:50:11.0031 1520 MountMgr - ok
10:50:11.0156 1520 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
10:50:11.0156 1520 mraid35x - ok
10:50:11.0296 1520 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
10:50:11.0312 1520 MREMP50 - ok
10:50:11.0312 1520 MREMP50a64 - ok
10:50:11.0328 1520 MREMPR5 - ok
10:50:11.0343 1520 MRENDIS5 - ok
10:50:11.0359 1520 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
10:50:11.0359 1520 MRESP50 - ok
10:50:11.0375 1520 MRESP50a64 - ok
10:50:11.0531 1520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:50:11.0531 1520 MRxDAV - ok
10:50:11.0703 1520 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:50:11.0750 1520 MRxSmb - ok
10:50:11.0937 1520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:50:11.0937 1520 Msfs - ok
10:50:12.0078 1520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:50:12.0078 1520 MSKSSRV - ok
10:50:12.0234 1520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:50:12.0234 1520 MSPCLOCK - ok
10:50:12.0375 1520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:50:12.0375 1520 MSPQM - ok
10:50:12.0515 1520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:50:12.0515 1520 mssmbios - ok
10:50:12.0687 1520 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:50:12.0687 1520 MSTEE - ok
10:50:12.0796 1520 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:50:12.0796 1520 Mup - ok
10:50:12.0953 1520 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:50:12.0953 1520 NABTSFEC - ok
10:50:13.0109 1520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:50:13.0109 1520 NDIS - ok
10:50:13.0265 1520 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:50:13.0265 1520 NdisIP - ok
10:50:13.0406 1520 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:50:13.0406 1520 NdisTapi - ok
10:50:13.0531 1520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:50:13.0531 1520 Ndisuio - ok
10:50:13.0687 1520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:50:13.0687 1520 NdisWan - ok
10:50:13.0812 1520 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:50:13.0812 1520 NDProxy - ok
10:50:14.0000 1520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:50:14.0000 1520 NetBIOS - ok
10:50:14.0203 1520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:50:14.0203 1520 NetBT - ok
10:50:14.0406 1520 NMSCFG (847d6d775524fa5e58d851ddec566a12) C:\WINDOWS\system32\drivers\NMSCFG.SYS
10:50:14.0406 1520 NMSCFG - ok
10:50:14.0546 1520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:50:14.0546 1520 Npfs - ok
10:50:14.0750 1520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:50:14.0765 1520 Ntfs - ok
10:50:14.0921 1520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:50:14.0921 1520 Null - ok
10:50:15.0093 1520 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:50:15.0109 1520 nv - ok
10:50:15.0281 1520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:50:15.0281 1520 NwlnkFlt - ok
10:50:15.0390 1520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:50:15.0390 1520 NwlnkFwd - ok
10:50:15.0500 1520 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
10:50:15.0500 1520 omci - ok
10:50:15.0671 1520 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
10:50:15.0671 1520 P3 - ok
10:50:15.0843 1520 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
10:50:15.0843 1520 PalmUSBD - ok
10:50:15.0984 1520 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:50:16.0000 1520 Parport - ok
10:50:16.0140 1520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:50:16.0140 1520 PartMgr - ok
10:50:16.0250 1520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:50:16.0250 1520 ParVdm - ok
10:50:16.0390 1520 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:50:16.0390 1520 PCI - ok
10:50:16.0500 1520 PCIDump - ok
10:50:16.0671 1520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
10:50:16.0671 1520 PCIIde - ok
10:50:16.0828 1520 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:50:16.0828 1520 Pcmcia - ok
10:50:17.0000 1520 PD0620VID (00a4197ab139819fea9f65faf8320a75) C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
10:50:17.0000 1520 PD0620VID - ok
10:50:17.0140 1520 PDCOMP - ok
10:50:17.0265 1520 PDFRAME - ok
10:50:17.0390 1520 PDRELI - ok
10:50:17.0484 1520 PDRFRAME - ok
10:50:17.0609 1520 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
10:50:17.0609 1520 perc2 - ok
10:50:17.0812 1520 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
10:50:17.0828 1520 perc2hib - ok
10:50:17.0953 1520 PfModNT - ok
10:50:18.0093 1520 PPCLASS (534185b82676d1e8b9fcfd8c1bfe8110) C:\WINDOWS\system32\drivers\PPCLASS.sys
10:50:18.0093 1520 PPCLASS - ok
10:50:18.0218 1520 PPSCAN (8ae536cf74546536f282d1fbce943324) C:\WINDOWS\system32\drivers\PPSCAN.sys
10:50:18.0218 1520 PPSCAN - ok
10:50:18.0375 1520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:50:18.0375 1520 PptpMiniport - ok
10:50:18.0484 1520 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
10:50:18.0484 1520 Processor - ok
10:50:18.0625 1520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:50:18.0640 1520 PSched - ok
10:50:18.0781 1520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:50:18.0781 1520 Ptilink - ok
10:50:18.0921 1520 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:50:18.0921 1520 PxHelp20 - ok
10:50:19.0078 1520 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
10:50:19.0093 1520 ql1080 - ok
10:50:19.0265 1520 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
10:50:19.0265 1520 Ql10wnt - ok
10:50:19.0421 1520 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
10:50:19.0421 1520 ql12160 - ok
10:50:19.0578 1520 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
10:50:19.0578 1520 ql1240 - ok
10:50:19.0750 1520 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
10:50:19.0765 1520 ql1280 - ok
10:50:19.0906 1520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:50:19.0906 1520 RasAcd - ok
10:50:20.0046 1520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:50:20.0046 1520 Rasl2tp - ok
10:50:20.0218 1520 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:50:20.0218 1520 RasPppoe - ok
10:50:20.0343 1520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:50:20.0343 1520 Raspti - ok
10:50:20.0453 1520 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:50:20.0453 1520 Rdbss - ok
10:50:20.0578 1520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:50:20.0578 1520 RDPCDD - ok
10:50:20.0765 1520 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:50:20.0765 1520 rdpdr - ok
10:50:20.0937 1520 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:50:20.0937 1520 RDPWD - ok
10:50:21.0078 1520 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:50:21.0078 1520 redbook - ok
10:50:21.0218 1520 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
10:50:21.0218 1520 Rksample - ok
10:50:21.0343 1520 rootrepeal - ok
10:50:21.0531 1520 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys
10:50:21.0546 1520 RsFx0150 - ok
10:50:21.0625 1520 SASDIFSV - ok
10:50:21.0640 1520 SASENUM - ok
10:50:21.0656 1520 SASKUTIL - ok
10:50:21.0843 1520 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:50:21.0859 1520 Secdrv - ok
10:50:22.0000 1520 Sentinel (99c81af18c0bf4d3b2ce0b36941e150f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
10:50:22.0000 1520 Sentinel - ok
10:50:22.0125 1520 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:50:22.0140 1520 serenum - ok
10:50:22.0250 1520 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:50:22.0265 1520 Serial - ok
10:50:22.0421 1520 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:50:22.0421 1520 Sfloppy - ok
10:50:22.0546 1520 Simbad - ok
10:50:22.0703 1520 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
10:50:22.0718 1520 sisagp - ok
10:50:22.0859 1520 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:50:22.0859 1520 SLIP - ok
10:50:23.0062 1520 smwdm (8583e3dc5285eb3ddfb74fb646cdf295) C:\WINDOWS\system32\drivers\smwdm.sys
10:50:23.0078 1520 smwdm - ok
10:50:23.0265 1520 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
10:50:23.0265 1520 SoftFax - ok
10:50:23.0421 1520 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
10:50:23.0421 1520 SONYPVU1 - ok
10:50:23.0562 1520 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
10:50:23.0578 1520 Sparrow - ok
10:50:23.0750 1520 SpeakerPhone (6c843c43fd7f0b42cfe477ce88d0f9b3) C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys
10:50:23.0750 1520 SpeakerPhone - ok
10:50:23.0875 1520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:50:23.0875 1520 splitter - ok
10:50:24.0046 1520 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:50:24.0046 1520 sr - ok
10:50:24.0234 1520 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:50:24.0250 1520 Srv - ok
10:50:24.0437 1520 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:50:24.0437 1520 streamip - ok
10:50:24.0578 1520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:50:24.0578 1520 swenum - ok
10:50:24.0750 1520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:50:24.0750 1520 swmidi - ok
10:50:24.0906 1520 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
10:50:24.0906 1520 symc810 - ok
10:50:25.0062 1520 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
10:50:25.0062 1520 symc8xx - ok
10:50:25.0218 1520 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
10:50:25.0218 1520 sym_hi - ok
10:50:25.0359 1520 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
10:50:25.0375 1520 sym_u3 - ok
10:50:25.0515 1520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:50:25.0515 1520 sysaudio - ok
10:50:25.0687 1520 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:50:25.0718 1520 Tcpip - ok
10:50:25.0890 1520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:50:25.0890 1520 TDPIPE - ok
10:50:26.0031 1520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:50:26.0031 1520 TDTCP - ok
10:50:26.0187 1520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:50:26.0187 1520 TermDD - ok
10:50:26.0312 1520 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
10:50:26.0312 1520 Tones - ok
10:50:26.0500 1520 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
10:50:26.0500 1520 TosIde - ok
10:50:26.0687 1520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:50:26.0687 1520 Udfs - ok
10:50:26.0828 1520 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
10:50:26.0828 1520 ultra - ok
10:50:26.0984 1520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:50:27.0015 1520 Update - ok
10:50:27.0203 1520 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:50:27.0203 1520 usbccgp - ok
10:50:27.0343 1520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:50:27.0359 1520 usbehci - ok
10:50:27.0484 1520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:50:27.0484 1520 usbhub - ok
10:50:27.0609 1520 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:50:27.0625 1520 usbprint - ok
10:50:27.0765 1520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:50:27.0765 1520 usbscan - ok
10:50:27.0921 1520 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
10:50:27.0921 1520 usbser - ok
10:50:28.0062 1520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:50:28.0062 1520 USBSTOR - ok
10:50:28.0203 1520 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:50:28.0203 1520 usbuhci - ok
10:50:28.0312 1520 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
10:50:28.0328 1520 USB_RNDIS_XP - ok
10:50:28.0515 1520 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
10:50:28.0546 1520 V124 - ok
10:50:28.0718 1520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:50:28.0718 1520 VgaSave - ok
10:50:28.0890 1520 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
10:50:28.0890 1520 viaagp - ok
10:50:29.0031 1520 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
10:50:29.0031 1520 ViaIde - ok
10:50:29.0140 1520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:50:29.0140 1520 VolSnap - ok
10:50:29.0312 1520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:50:29.0312 1520 Wanarp - ok
10:50:29.0421 1520 WDICA - ok
10:50:29.0546 1520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:50:29.0546 1520 wdmaud - ok
10:50:29.0750 1520 winachsf (fe71b3857bed54600e02288b212e7b7c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:50:29.0750 1520 winachsf - ok
10:50:29.0984 1520 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:50:30.0000 1520 WpdUsb - ok
10:50:30.0156 1520 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:50:30.0156 1520 WSTCODEC - ok
10:50:30.0312 1520 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:50:30.0312 1520 WudfPf - ok
10:50:30.0421 1520 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:50:30.0421 1520 WudfRd - ok
10:50:30.0468 1520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:50:30.0578 1520 \Device\Harddisk0\DR0 - ok
10:50:30.0593 1520 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR9
10:50:30.0593 1520 \Device\Harddisk2\DR9 - ok
10:50:30.0609 1520 Boot (0x1200) (637cf11ba2cf845fca00b7f39b8a851c) \Device\Harddisk0\DR0\Partition0
10:50:30.0609 1520 \Device\Harddisk0\DR0\Partition0 - ok
10:50:30.0625 1520 Boot (0x1200) (abf9303374c3b2914bd55d6d529f17a7) \Device\Harddisk2\DR9\Partition0
10:50:30.0625 1520 \Device\Harddisk2\DR9\Partition0 - ok
10:50:30.0625 1520 ============================================================
10:50:30.0625 1520 Scan finished
10:50:30.0625 1520 ============================================================
10:50:30.0640 1512 Detected object count: 0
10:50:30.0640 1512 Actual detected object count: 0
10:51:05.0750 0344 Deinitialize success

Edited by farbar, 09 October 2011 - 06:22 AM.


#8 Farbar

Posted 09 October 2011 - 06:55 AM

Thanks for the logs.

  • Ethernet adapter DannosLAC4:

    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Intel® PRO/100 M Network Connection

  • To check if all devices are working properly:
    • Go to start > right-click My computer and select Manage
    • In the left pane select Device Manager.
    • In the right pane expand Network Adapters.
    • Check if there is any ? or ! beside the listed devices.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Set Services to All.
    • Set Drivers to All.
    • Click Run Scan button.
    • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste only OTL.txt to your reply:


#9 gottavirus

Posted 09 October 2011 - 09:16 AM

Hi Farbar,

I checked Device Manager and the network adapter is running. It's possible I might have accidentally had it disabled during an earlier scan, though I don't recall having done that.

Following is the OTL scan,

OTL logfile created on: 10/9/2011 10:00:09 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 736.24 Mb Available Physical Memory | 71.97% Memory free
1.40 Gb Paging File | 1.27 Gb Available in Paging File | 90.14% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 28.89 Gb Free Space | 51.74% Space Free | Partition Type: NTFS
Drive F: | 961.47 Mb Total Space | 290.11 Mb Free Space | 30.17% Space Free | Partition Type: FAT

Computer Name: D61V6421 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 21:09:54 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/05/03 13:29:42 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe
PRC - [1997/08/06 01:00:00 | 003,499,792 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\POWERPNT.EXE


========== Modules (No Company Name) ==========

MOD - [2002/08/29 07:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\SYSTEM32\TSD32.DLL
MOD - [1997/08/06 01:00:00 | 003,782,416 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997/08/06 01:00:00 | 003,499,792 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\POWERPNT.EXE


========== Win32 Services (All) ==========

SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (!SASCORE)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Disabled | Stopped] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\spoolsv.exe -- (Spooler)
SRV - [2010/04/03 14:56:08 | 042,884,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2010/04/03 14:56:08 | 000,367,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2010/04/03 14:56:08 | 000,044,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2010/04/03 11:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010/04/03 11:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/05/14 16:48:08 | 000,053,760 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2009/05/14 16:48:06 | 000,044,032 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\services.exe -- (PlugPlay)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\services.exe -- (Eventlog)
SRV - [2009/01/30 17:52:48 | 000,303,104 | ---- | M] (Motive Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/07/29 22:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 20:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/07 16:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\es.dll -- (EventSystem)
SRV - [2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\WBEM\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ups.exe -- (UPS)
SRV - [2008/04/13 20:12:35 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/13 20:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 20:12:27 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\msdtc.exe -- (MSDTC)
SRV - [2008/04/13 20:12:25 | 000,032,768 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/13 20:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:21 | 000,267,776 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\fxssvc.exe -- (Fax)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/13 20:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 20:12:14 | 000,005,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\cisvc.exe -- (CiSvc)
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 20:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\WBEM\wmisvc.dll -- (winmgmt)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/13 20:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\upnphost.dll -- (upnphost)
SRV - [2008/04/13 20:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\w32time.dll -- (w32time)
SRV - [2008/04/13 20:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\webclnt.dll -- (WebClient)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\termsrv.dll -- (TermService)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\trkwks.dll -- (TrkWks)
SRV - [2008/04/13 20:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\sens.dll -- (SENS)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\qmgr.dll -- (BITS)
SRV - [2008/04/13 20:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\qagentrt.dll -- (napagent)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\rasmans.dll -- (RasMan)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\netman.dll -- (Netman)
SRV - [2008/04/13 20:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 20:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 20:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ersvc.dll -- (ERSvc)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\alrsvc.dll -- (Alerter)
SRV - [2007/08/22 18:22:00 | 000,147,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 22:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/28 19:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\WudfSvc.dll -- (WudfSvc)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/10/06 14:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Disabled | Stopped] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)
SRV - [2002/09/04 14:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Disabled | Stopped] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
SRV - [2002/08/29 07:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\RSVP.EXE -- (RSVP)
SRV - [2002/05/03 13:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®
SRV - [2000/06/26 08:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Auto | Stopped] -- -- (SASKUTIL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rootrepeal)
DRV - File not found [Kernel | Auto | Stopped] -- -- (PfModNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2011/07/15 09:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 10:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV - [2011/06/24 10:10:36 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/04/21 09:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 09:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys -- (Srv)
DRV - [2011/02/16 09:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2010/11/02 11:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RsFx0150.sys -- (RsFx0150)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/04/28 16:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/01/30 17:52:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/30 17:52:12 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/10/28 20:27:07 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2008/10/28 20:27:07 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2008/10/28 20:27:07 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 14:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 14:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 14:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\slip.sys -- (SLIP)
DRV - [2008/04/13 14:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 14:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\streamip.sys -- (streamip)
DRV - [2008/04/13 14:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys -- (usbser)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\i2omp.sys -- (i2omp)
DRV - [2008/04/13 14:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\serenum.sys -- (serenum)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mstee.sys -- (MSTEE)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2008/04/13 14:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\agpCPQ.sys -- (agpCPQ)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 14:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\alim1541.sys -- (alim1541)
DRV - [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\agp440.sys -- (agp440)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2008/04/13 14:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\p3.sys -- (P3)
DRV - [2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys -- (Processor)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\aec.sys -- (aec)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2006/12/19 21:13:06 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2006/10/18 21:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 20:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 19:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/04/16 02:20:14 | 000,090,700 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P0620Vid.sys -- (PD0620VID)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2002/10/15 15:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/09/13 17:35:44 | 000,448,640 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/09/04 14:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)
DRV - [2002/08/29 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS -- (IpFilterDriver)
DRV - [2002/08/29 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS -- (NwlnkFwd)
DRV - [2002/08/29 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\CDAUDIO.SYS -- (Cdaudio)
DRV - [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/08/29 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS -- (Raspti)
DRV - [2002/08/29 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS -- (NwlnkFlt)
DRV - [2002/08/29 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ACPIEC.SYS -- (ACPIEC)
DRV - [2002/08/29 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS -- (RasAcd)
DRV - [2002/08/29 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PARVDM.SYS -- (ParVdm)
DRV - [2002/08/29 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS -- (dmload)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS -- (RDPCDD)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\MNMDD.SYS -- (mnmdd)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\BEEP.SYS -- (Beep)
DRV - [2002/08/29 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NULL.SYS -- (Null)
DRV - [2002/08/05 11:23:58 | 000,545,208 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2002/06/30 21:50:12 | 000,167,155 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/06/30 21:49:46 | 001,172,416 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/06/30 21:45:12 | 000,594,832 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/06/06 04:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/05/23 02:46:10 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2002/05/03 13:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.sys -- (NMSCFG)
DRV - [2002/04/30 14:53:08 | 000,139,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2002/04/01 15:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/10/22 16:46:42 | 000,009,855 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 16:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpn.sys -- (hpn)
DRV - [2001/08/17 16:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dpti2o.sys -- (dpti2o)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\perc2hib.sys -- (perc2hib)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\perc2.sys -- (perc2)
DRV - [2001/08/17 16:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aic78xx.sys -- (aic78xx)
DRV - [2001/08/17 16:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aic78u2.sys -- (aic78u2)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\adpu160m.sys -- (adpu160m)
DRV - [2001/08/17 15:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS -- (audstub)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:50 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1240.sys -- (ql1240)
DRV - [2001/08/17 15:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql10wnt.sys -- (Ql10wnt)
DRV - [2001/08/17 15:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac960nt.sys -- (dac960nt)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ini910u.sys -- (ini910u)
DRV - [2001/08/17 15:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\CBIDF2K.SYS -- (cbidf2k)
DRV - [2001/08/17 15:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cbidf2k.sys -- (cbidf)
DRV - [2001/08/17 15:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cpqarray.sys -- (Cpqarray)
DRV - [2001/08/17 15:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys -- (cd20xrnt)
DRV - [2001/08/17 15:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3350p.sys -- (asc3350p)
DRV - [2001/08/17 15:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amsint.sys -- (amsint)
DRV - [2001/08/17 15:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aha154x.sys -- (Aha154x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS -- (abp480n5)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\toside.sys -- (TosIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/17 15:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys -- (V124)
DRV - [2001/08/17 15:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 15:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 15:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 15:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 15:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 15:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 15:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 15:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 15:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 14:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys -- (mouhid)
DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1999/07/20 06:38:00 | 000,073,216 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [1998/02/20 14:37:10 | 000,115,136 | ---- | M] (Shuttle Technology.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ppscan.sys -- (PPSCAN)
DRV - [1997/06/17 04:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)
DRV - [1997/04/09 16:08:24 | 000,085,868 | ---- | M] (Silitek Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ppclass.sys -- (PPCLASS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Dan/AAA/a/My%20homeboy%20page/camera_homepage/camera_links.html
IE - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1483: C:\Program Files\StormII\Codec\Plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: RealPlayer File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\DOCUME~1\Dan\DANSPR~1\yahoo\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins


O1 HOSTS File: ([2011/10/04 19:11:34 | 000,249,881 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8710 more lines...
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Documents and Settings\Dan\Dans programs\yahoo\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 335
O7 - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1893138924-1319532071-1995330729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {51A1CDAB-573D-45A4-B69F-B44791DFF60A} http://brevardpropertyappraiser.com/picto/include/PictImageCtrl30.cab (Pictometry Viewer Control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{790764C6-AA7D-44FE-99BD-46B91C7E3942}: DhcpNameServer = 172.27.35.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan\My Documents\My Pictures\miscellaneous stuffing\desktop\bike.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan\My Documents\My Pictures\miscellaneous stuffing\desktop\bike.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 21:16:22 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2011/10/07 18:13:53 | 000,607,260 | R--- | C] (Swearware) -- C:\WINDOWS\dds.exe
[2011/10/07 18:11:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Dan\Desktop\dds.scr.exe
[2011/10/07 18:02:51 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Dan\Desktop\dds.pif
[2011/10/06 16:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Help
[2011/10/06 16:37:15 | 004,245,600 | ---- | C] (Swearware) -- C:\Documents and Settings\Dan\Desktop\ComboFix.exe
[2011/10/04 17:26:44 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iprip.dll
[2011/10/04 17:26:44 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2011/10/04 17:25:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\KRSHistory
[2011/10/03 10:45:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/02 22:51:52 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2011/10/02 22:42:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/02 12:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2011/10/02 12:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/10/02 11:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/30 14:30:53 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/30 14:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/28 16:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Amazon
[2011/09/24 15:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/09 09:56:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/10/08 14:57:49 | 000,000,211 | ---- | M] () -- C:\Boot.ini
[2011/10/08 14:04:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/07 21:35:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dan\defogger_reenable
[2011/10/07 21:09:54 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2011/10/07 19:52:58 | 000,008,192 | ---- | M] () -- C:\WINDOWS\Dan.pcb
[2011/10/07 17:17:46 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Dan\Desktop\dds.pif
[2011/10/07 17:16:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Dan\Desktop\dds.scr.exe
[2011/10/07 17:16:58 | 000,607,260 | R--- | M] (Swearware) -- C:\WINDOWS\dds.exe
[2011/10/06 18:08:31 | 000,007,441 | ---- | M] () -- C:\WINDOWS\Dan8.xlb
[2011/10/06 16:31:28 | 004,245,600 | ---- | M] (Swearware) -- C:\Documents and Settings\Dan\Desktop\ComboFix.exe
[2011/10/06 16:28:12 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Defogger.exe
[2011/10/06 16:18:06 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\SystemLook.exe
[2011/10/04 19:11:34 | 000,249,881 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/10/04 11:52:54 | 000,561,474 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/10/04 11:52:54 | 000,109,864 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/03 20:56:26 | 000,380,805 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\12 --- MiniToolBox.exe
[2011/10/03 13:27:05 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20111004-191134.backup
[2011/10/02 22:35:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.bak
[2011/10/01 22:19:54 | 000,004,696 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/29 21:22:08 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\orlando furniture - by owner classifieds - craigslist.url
[2011/09/24 21:13:14 | 000,000,243 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\orlando household items classifieds - craigslist.url
[2011/09/21 19:14:00 | 000,000,788 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2011/09/09 12:02:57 | 000,000,298 | ---- | M] () -- C:\WINDOWS\SMITH.INI
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/08 09:14:41 | 000,380,805 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\12 --- MiniToolBox.exe
[2011/10/07 21:35:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan\defogger_reenable
[2011/10/07 21:34:54 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\Defogger.exe
[2011/10/07 20:03:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\gmer.exe
[2011/10/06 16:18:03 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\SystemLook.exe
[2011/08/20 21:53:16 | 000,000,212 | ---- | C] () -- C:\WINDOWS\DC_Manager.ini
[2011/07/13 15:25:44 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/05 15:24:36 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\fusioncache.dat
[2010/09/26 21:07:33 | 000,362,280 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1893138924-1319532071-1995330729-1006-0.dat
[2010/09/26 21:07:30 | 000,325,874 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/15 12:16:44 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zzzzzzzzzzMicrosoft.SqlServer.Compact.351.32.bc
[2010/09/15 10:26:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/09 20:02:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/27 08:37:17 | 000,136,481 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2010/07/27 08:37:17 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2010/07/26 21:55:13 | 000,073,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/02/11 14:06:02 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/23 14:35:49 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/02/19 20:34:04 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2008/02/19 20:34:01 | 000,000,430 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/04/25 18:40:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/12/25 10:25:08 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2006/12/20 22:02:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/12/10 19:14:15 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/11/22 18:41:17 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/11/22 18:41:17 | 000,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/08/05 16:56:37 | 000,000,868 | ---- | C] () -- C:\WINDOWS\MSIM.INI
[2006/08/05 12:55:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atlass.INI
[2006/06/16 18:59:09 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/06/16 18:26:15 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/06/16 18:17:58 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/06/16 18:16:59 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/06/16 18:15:08 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/06/16 17:56:23 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/06/16 17:49:13 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/06/14 20:24:00 | 000,112,384 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/06/14 20:23:59 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/05/18 19:25:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/08 22:21:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\oirvTTg.dat
[2006/01/10 21:47:59 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\mic32.dll
[2005/12/31 21:14:25 | 000,000,072 | ---- | C] () -- C:\WINDOWS\B2Spice4.ini
[2005/07/07 18:17:33 | 000,267,521 | ---- | C] () -- C:\WINDOWS\System32\spicaplib.dll
[2005/05/17 17:51:06 | 000,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2005/01/04 21:17:00 | 000,000,869 | ---- | C] () -- C:\WINDOWS\csmith.ini
[2004/11/26 16:37:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI5_SETUP.ini
[2004/11/26 16:36:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2004/11/26 16:32:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/25 00:25:34 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\CtSACKey.sys
[2004/09/19 18:17:55 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/02/22 13:17:06 | 000,000,774 | ---- | C] () -- C:\WINDOWS\TXLINE.INI
[2003/11/20 23:16:23 | 000,027,906 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/10/19 13:41:50 | 000,000,031 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/27 17:36:19 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS
[2003/09/27 17:36:19 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\SNTI386.DLL
[2003/09/27 17:36:19 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\RNBOVDD.DLL
[2003/09/27 17:35:54 | 000,283,136 | ---- | C] () -- C:\WINDOWS\System32\mkl_sys.dll
[2003/08/04 22:45:48 | 000,000,268 | ---- | C] () -- C:\WINDOWS\ARASAN16.INI
[2003/07/24 18:58:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Prestopm.INI
[2003/07/24 18:32:05 | 000,002,332 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2003/07/24 18:31:11 | 000,000,228 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2003/07/24 18:30:57 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2003/07/24 18:26:36 | 000,001,783 | ---- | C] () -- C:\WINDOWS\OPLIMIT.INI
[2003/07/24 18:26:09 | 000,000,602 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2003/07/24 18:24:13 | 000,003,156 | ---- | C] () -- C:\WINDOWS\vista32.ini
[2003/07/24 18:24:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\umaxdrv.ini
[2003/07/24 18:24:07 | 000,047,616 | ---- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2003/07/24 18:23:55 | 000,064,845 | ---- | C] () -- C:\WINDOWS\pmmail.exe
[2003/07/24 18:23:55 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2003/07/24 18:23:54 | 000,171,024 | ---- | C] () -- C:\WINDOWS\p1220_16.dll
[2003/07/24 18:23:54 | 000,150,560 | ---- | C] () -- C:\WINDOWS\vud32.dll
[2003/07/24 18:23:54 | 000,112,672 | ---- | C] () -- C:\WINDOWS\p1220_32.dll
[2003/07/24 18:23:54 | 000,105,504 | ---- | C] () -- C:\WINDOWS\p6xx_32.dll
[2003/07/24 18:23:53 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2003/07/24 18:11:06 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/07/24 18:11:06 | 000,000,187 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2003/07/24 18:11:04 | 000,000,978 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2003/04/11 20:12:30 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/03/09 23:02:39 | 000,000,028 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2003/02/18 10:35:08 | 000,000,298 | ---- | C] () -- C:\WINDOWS\SMITH.INI
[2003/01/19 19:47:51 | 000,000,307 | ---- | C] () -- C:\WINDOWS\arasan.ini
[2003/01/12 15:07:24 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2003/01/11 23:44:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/12/03 03:34:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/12/03 03:18:12 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/12/03 03:10:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2002/12/03 03:09:02 | 000,561,474 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2002/12/03 03:09:02 | 000,109,864 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2002/12/03 02:57:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/09 18:46:26 | 000,427,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/09 18:42:56 | 000,000,768 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/09/03 10:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 10:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/02/22 03:03:52 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2002/02/06 11:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 17:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/03/29 23:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/10/23 19:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/11 16:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 22:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/01/28 01:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1997/08/06 01:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/08/06 01:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/08/06 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/08/06 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/06 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

< End of report >

#10 gottavirus

Posted 09 October 2011 - 09:49 AM

Hi again,

I went back and reran MiniToolBox to see about the Network Adapter being disconnected, and I see that the problem wasn't that the Network adapter wasn't working, but that I didn't have the ethernet cable to the internet plugged in (it was in this computer that I'm using to post here)! So I reran with the cable installed and below are those results, which no longer show the adapter disconnected:

MiniToolBox by Farbar
Ran by Dan (administrator) on 09-10-2011 at 10:43:19
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "DannosLAC4"

set address name="DannosLAC4" source=dhcp
set dns name="DannosLAC4" source=dhcp register=PRIMARY
set wins name="DannosLAC4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : D61V6421

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter DannosLAC4:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 M Network Connection

Physical Address. . . . . . . . . : 00-07-E9-C7-25-08

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 172.27.35.1

DNS Servers . . . . . . . . . . . : 172.27.35.1

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 07 e9 c7 25 08 ...... Intel® PRO/100 M Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 10003 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/06/2011 08:28:06 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.


System errors:
=============
Error: (10/09/2011 10:38:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%123

Error: (10/09/2011 10:38:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD Networking Support Environment service failed to start due to the following error:
%%123

Error: (10/09/2011 10:38:23 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV

Error: (10/09/2011 10:38:22 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%10050

Error: (10/09/2011 10:38:22 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952450

Error: (10/09/2011 10:38:22 AM) (Source: Service Control Manager) (User: )
Description: The SASKUTIL service failed to start due to the following error:
%%2

Error: (10/09/2011 10:38:22 AM) (Source: Service Control Manager) (User: )
Description: The SASENUM service failed to start due to the following error:
%%2

Error: (10/09/2011 10:38:22 AM) (Source: Service Control Manager) (User: )
Description: The Remote Procedure Call (RPC) Locator service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (10/09/2011 10:38:22 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%10050

Error: (10/09/2011 10:38:22 AM) (Source: Service Control Manager) (User: )
Description: The PfModNT service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/06/2011 08:28:06 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BA


**** End of log ****

#11 Farbar

Posted 09 October 2011 - 11:30 AM

There is a lot needing fixing.

  • Please download the , transfer it to the problem computer and double-click to run it. A black command prompt opens and then closes. Please post the log it makes.
  • Please download SystemLook (32-bit) and save it to your Desktop.

  • Double-click the tool to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    afd.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#12 gottavirus

Posted 09 October 2011 - 11:56 AM

OK, here are the logs:

==========================================================================================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,66,00,64,00,2e,00,73,00,79,00,\
73,00,00,00,00,00
"DisplayName"="AFD Networking Support Environment"
"Group"="TDI"
"Description"="AFD Networking Support Environment"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Enum]
"0"="Root\\LEGACY_AFD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
"INITSTARTFAILED"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Security]
"Security"=hex:01,00,14,80,90,00,00,00,80,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000]
"Service"="AFD"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AFD Networking Support Environment"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\LogConf]

=================
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
=================

SERVICE_NAME: afd
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 123 (0x7b)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: afd
TYPE : 1 KERNEL_DRIVER
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : AFD Networking Support Environment
DEPENDENCIES :
SERVICE_START_NAME :
=====================================================================================

SystemLook 30.07.11 by jpshortstuff
Log created at 12:49 on 09/10/2011 by Dan
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\I386\afd.sys --a---- 138496 bytes [17:18 04/10/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys ------- 138496 bytes [18:02 16/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys ------- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys ------- 138368 bytes [10:44 20/06/2008] [10:44 20/06/2008] D99DDFFB33DEACDCF20717CB520379F6
C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys ------- 138496 bytes [11:40 20/06/2008] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys ------- 138496 bytes [11:48 20/06/2008] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A
C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys ------- 138368 bytes [13:14 16/10/2008] [09:48 14/08/2008] 6A0397376853E604DE8E1E7A87FC08AC
C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys ------- 138496 bytes [13:14 16/10/2008] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys ------- 138496 bytes [13:14 16/10/2008] [10:34 14/08/2008] 4D43E74F2A1239D53929B82600F1971C
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [11:51 26/02/2005] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys --a---- 138496 bytes [02:51 03/10/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys --a---- 138496 bytes [02:51 03/10/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4

-= EOF =-
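
The two logs in the post above can be cross-checked: decode the AFD service's `ImagePath` from the registry export, find that file in the SystemLook listing, and see which other copies on disk share its size and MD5. This is an added example, not part of the thread or a tool used in it; the function names are hypothetical, `C:\WINDOWS` as `%SystemRoot%` is assumed from the log paths, and the embedded data is copied from the logs above.

```python
import re

# Copied from the AFD registry export in the post above.
REG_IMAGEPATH = r'''"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,66,00,64,00,2e,00,73,00,79,00,\
73,00,00,00,00,00'''

# A subset of the SystemLook "filefind" lines from the post above.
SYSTEMLOOK = r'''C:\I386\afd.sys --a---- 138496 bytes [17:18 04/10/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys ------- 138496 bytes [18:02 16/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys ------- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [11:51 26/02/2005] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys --a---- 138496 bytes [02:51 03/10/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys --a---- 138496 bytes [02:51 03/10/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4'''

LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attr>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-F]{32})$"
)


def decode_reg_expand_sz(reg_line: str) -> str:
    """Decode a .reg 'hex(2):' value (REG_EXPAND_SZ stored as UTF-16LE bytes)."""
    _, _, hexpart = reg_line.partition("hex(2):")
    if not hexpart:
        raise ValueError("not a hex(2) value")
    # Join continuation lines, which end with a backslash in .reg exports.
    hexpart = re.sub(r"\\\s*\n\s*", "", hexpart).strip()
    raw = bytes(int(b, 16) for b in hexpart.split(",") if b)
    if len(raw) % 2:
        raise ValueError("odd byte count, not UTF-16LE")
    return raw.decode("utf-16-le").rstrip("\x00")


def resolve_image_path(image_path: str, system_root: str = r"C:\WINDOWS") -> str:
    """Map a \\SystemRoot-relative driver path to a lower-cased on-disk path."""
    prefix = "\\SystemRoot"
    if image_path.lower().startswith(prefix.lower()):
        image_path = system_root + image_path[len(prefix):]
    return image_path.lower()


def parse_systemlook(text: str) -> dict:
    """Return {lower-cased path: (size, md5)} for each filefind result line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[m["path"].lower()] = (int(m["size"]), m["md5"])
    return entries


def check_service_binary(reg_line: str, systemlook_text: str) -> dict:
    """Locate the service's binary in the listing and find identical copies."""
    live = resolve_image_path(decode_reg_expand_sz(reg_line))
    entries = parse_systemlook(systemlook_text)
    if live not in entries:
        return {"live_path": live, "found": False, "matches": [], "hotfix_backed": False}
    size, md5 = entries[live]
    matches = sorted(
        p for p, (s, h) in entries.items() if p != live and s == size and h == md5
    )
    # Agreement with a hotfix cache copy is a consistency check only: all copies
    # live on the same disk, so a known-good external hash is the stronger test.
    hotfix_backed = any("\\$hf_mig$\\" in p for p in matches)
    return {"live_path": live, "found": True, "md5": md5,
            "matches": matches, "hotfix_backed": hotfix_backed}


if __name__ == "__main__":
    result = check_service_binary(REG_IMAGEPATH, SYSTEMLOOK)
    for key, value in result.items():
        print(f"{key}: {value}")
```
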

#13 Farbar

Posted 09 October 2011 - 01:33 PM

  • Download and save it to the problem computer.
    Double click AFD.REG to run it and confirm the prompt to allow it to merge with the registry.
  • Please connect the Ethernet cable directly to the problem computer.
  • Go to Start -> Control Panel -> Double click on Network Connections.
    • Right click on your default connection (Ethernet adapter DannosLAC4), and select Properties.
    • Select the General tab. Internet Protocol (TCP/IP) should be checked.
    • Double click on Internet Protocol (TCP/IP) under General tab:
    • Check Obtain an IP address automatically and Obtain DNS server address automatically.
    • Click OK twice to save the settings.
  • After the above steps are done successfully, reboot the computer (Ethernet cable should be connected directly) and tell me if you get connected.


#14 gottavirus

Posted 09 October 2011 - 03:44 PM

Hi Farbar,

Good news, I'm writing from my "infected" PC now that it can go online! :busy:

I'm not really sure what it was that fixed the problem as I had manually made the very same AFD registry changes several times myself, but for whatever reason they always got removed when I tried to go online, but after running the batch file they stuck and the service is running! Perhaps I had made the right changes before but didn't reboot right away and that's why they were lost?? Well, anyway, it's really great to be back online with this computer! You saved me an entire Windows reinstall which I really wasn't wanting to do.

At this point does it look to you like any viruses are gone? If so we can close the topic as successfully resolved. Thanks very much!

Dan

#15 Farbar

Posted 09 October 2011 - 03:53 PM

Great. :thumbsup:

I think we should get the system to a protected mode. Now it is just like a little lamb in the jungle.

  • Go to Start => Control Panel => Windows Firewall and make sure it is enabled.
  • You need to install an antivirus program to have proper protection. I recommend this good free antivirus:

    Avira
  • Download the installer from softpedia.com link as it has a secure download mirror.
  • Install it, but if it asks you to install any additional toolbar, select no or uncheck the option.
  • Update it then let it scan the computer and remove what it finds.
  • Copy and paste the content of the report to your reply.
