Boot.Tidserve/Alureon.E infection



#1 sarichardson


Posted 14 March 2012 - 02:29 PM

Hi,

A few days ago my computer said it was infected with Alureon.E. I was using Microsoft Security Essentials at the time. My dad suggested I use Norton instead stating it is better and could remove the virus. It didn't. It referred to the virus as Boot.Tidserv.

I have tried using Norton Power Eraser, Malwarebytes, Superantispyware and TDSS Killer. None of them worked. NPE, Malwarebytes and Superantispyware all detected the problem but could not remove it. TDSS Killer never found a problem.

I have gone through the Preparation Steps. I have the GMER log but not the DSS log. Every time I try to run the DSS program it seems to be running but after twenty minutes or so it does not finish and ends up freezing the computer. I have tried at least three separate times.

I look forward to hearing back from you. Thank you for your help.


Scott



#2 RPMcMurphy


Posted 14 March 2012 - 10:31 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    %systemroot%\*. /rp /s
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Post your GMER log for me.

Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • GMER log



#3 sarichardson


Posted 15 March 2012 - 09:54 AM

Thank you for getting back to me so quickly. I really appreciate your help.


OTL.txt

OTL logfile created on: 3/15/2012 10:03:12 AM - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Documents and Settings\ScottRichardson\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.36 Mb Total Physical Memory | 300.06 Mb Available Physical Memory | 29.35% Memory free
2.40 Gb Paging File | 1.32 Gb Available in Paging File | 55.18% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.64 Gb Total Space | 11.57 Gb Free Space | 22.41% Space Free | Partition Type: NTFS
Drive D: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SCOTT | User Name: ScottRichardson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/15 10:01:18 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ScottRichardson\Desktop\OTL.exe
PRC - [2012/03/07 15:41:36 | 003,708,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v4.6-delta.exe
PRC - [2012/03/04 16:17:38 | 000,092,984 | ---- | M] (Microsoft Corporation) -- c:\64d575b07c320849f7a2cacc0b\mrtstub.exe
PRC - [2012/01/17 02:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccsvchst.exe
PRC - [2011/10/19 12:09:04 | 009,251,240 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\DriverMax\devices.exe
PRC - [2011/10/13 12:23:45 | 002,042,088 | ---- | M] (GameStop Corp.) -- C:\Program Files\Impulse\Now\ImpulseNow.exe
PRC - [2011/08/17 12:03:18 | 000,099,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/08/11 20:04:14 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/07/15 16:44:18 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011/07/12 19:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 18:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 17:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/07/12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/07/04 02:39:00 | 000,292,200 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2011/07/04 02:39:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011/07/04 02:39:00 | 000,069,632 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2011/07/04 02:39:00 | 000,053,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/06/22 20:32:36 | 000,882,960 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2011/06/22 19:49:24 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/06/22 19:30:38 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/04/14 15:48:52 | 000,193,896 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2011/04/14 15:48:46 | 000,189,800 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2011/04/14 15:48:44 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2011/04/14 15:48:42 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2011/04/14 15:48:40 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/03/26 05:08:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/09/24 16:03:58 | 000,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2009/07/23 04:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/05/14 17:25:12 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/14 16:58:54 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/05/09 06:50:46 | 000,253,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2007/08/03 17:42:08 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2007/01/30 13:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/11/07 20:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2006/02/02 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/11 14:22:03 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2011/11/09 08:54:43 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
MOD - [2011/11/09 08:53:24 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
MOD - [2011/11/09 08:53:18 | 011,797,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
MOD - [2011/11/09 08:53:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
MOD - [2011/11/09 08:52:57 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2011/11/09 08:52:49 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
MOD - [2011/11/09 08:43:37 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
MOD - [2011/11/09 08:43:33 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2011/11/09 08:43:26 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
MOD - [2011/11/09 08:43:14 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
MOD - [2011/11/09 08:42:37 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
MOD - [2011/11/09 08:42:09 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
MOD - [2011/11/09 08:41:54 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
MOD - [2011/11/09 08:41:47 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2011/11/09 02:08:18 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2011/11/08 19:32:33 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3559.24560__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:33 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3559.24575__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/11/08 19:32:32 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3559.24579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/11/08 19:32:32 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3559.24629__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2011/11/08 19:32:32 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3559.24658__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/11/08 19:32:32 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3559.24581__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/11/08 19:32:32 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3559.24638__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:32 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3559.24606__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3559.24569__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:31 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3559.24659__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:31 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3559.24580__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:31 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3559.24568__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3559.24580__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:30 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3559.24624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3559.24625__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/11/08 19:32:30 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3559.24624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:29 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:29 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:28 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3559.24633__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011/11/08 19:32:27 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3559.24608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:27 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3559.24570__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:27 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3559.24582__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:27 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3559.24581__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:27 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3559.24617__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:27 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:27 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3559.24617__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:26 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3559.24602__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:26 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3559.24618__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:26 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3559.24586__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011/11/08 19:32:26 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3559.24606__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3559.24585__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:26 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3559.24618__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:25 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3559.24620__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:25 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011/11/08 19:32:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011/11/08 19:32:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/11/08 19:32:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/11/08 19:32:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/11/08 19:32:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/11/08 19:32:24 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/11/08 19:32:24 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/11/08 19:32:24 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/11/08 19:32:24 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/11/08 19:32:23 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/11/08 19:32:23 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/11/08 19:32:23 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/11/08 19:32:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/11/08 19:32:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/11/08 19:32:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/11/08 19:32:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011/11/08 19:32:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/11/08 19:32:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/11/08 19:32:22 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/11/08 19:32:22 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/11/08 19:32:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/11/08 19:32:22 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/11/08 19:32:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/11/08 19:32:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/11/08 19:32:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/11/08 19:32:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2011/11/08 19:32:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/11/08 19:32:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/11/08 19:32:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/11/08 19:32:21 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/11/08 19:32:21 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/11/08 19:32:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2011/11/08 19:32:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/11/08 19:32:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/11/08 19:32:20 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/11/08 19:32:20 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/11/08 19:32:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/11/08 19:32:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011/11/08 19:32:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011/11/08 19:32:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011/11/08 19:32:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011/11/08 19:32:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/11/08 19:32:19 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3559.24686__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011/11/08 19:32:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3559.24667__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/11/08 19:32:19 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/11/08 19:32:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/11/08 19:32:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/11/08 19:32:19 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/11/08 19:32:19 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3559.24555__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/11/08 19:32:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3559.24653__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/11/08 19:32:18 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3559.24651__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/11/08 19:32:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/11/08 19:32:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/11/08 19:32:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011/11/08 19:32:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/11/08 19:32:18 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/11/08 19:32:17 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3559.24647__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011/11/08 19:32:17 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3559.24574__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/11/08 19:32:17 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3559.24557__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/11/08 19:32:17 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3559.24559__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/11/08 19:32:17 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/11/08 19:32:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/11/08 19:32:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/11/08 19:32:15 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3559.24565__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/11/08 19:32:15 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3559.24558__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/11/08 19:32:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/11/08 19:32:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/11/08 19:32:15 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3559.24652__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011/11/08 19:32:15 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011/11/08 19:32:14 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3559.24557__90ba9c70f846762e\APM.Server.dll
MOD - [2011/11/08 19:32:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3559.24556__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/11/07 21:47:49 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/07/15 16:43:48 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2011/07/04 02:39:00 | 000,069,632 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2011/07/04 02:39:00 | 000,054,272 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2011/07/04 02:39:00 | 000,042,496 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2011/04/14 13:39:46 | 000,086,016 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcWrpc.dll
MOD - [2011/04/14 13:33:56 | 000,258,048 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2011/04/14 13:33:54 | 000,044,544 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
MOD - [2011/04/14 13:33:50 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
MOD - [2009/05/15 16:01:26 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/05/14 17:25:12 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2008/05/14 17:08:56 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2008/05/14 17:08:56 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/12/07 04:24:20 | 000,110,592 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll
MOD - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/01/17 02:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe -- (NIS)
SRV - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/07/12 17:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/07/12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/07/12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/07/04 02:39:00 | 000,292,200 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/07/04 02:39:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/07/04 02:39:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/06/22 20:32:36 | 000,882,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2011/06/22 19:49:24 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2011/06/22 19:30:38 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2011/04/14 15:48:42 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2011/04/14 15:48:40 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/09/24 16:03:58 | 000,475,220 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2008/05/14 17:25:12 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/14 16:58:54 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/09 06:50:46 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2007/01/30 13:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB2B5FE5-8DBF-4491-83C7-73B80549D552}\MpKsled900b14.sys -- (MpKsled900b14)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/13 22:55:19 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120314.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/03/13 22:55:19 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120314.035\NAVENG.SYS -- (NAVENG)
DRV - [2012/03/09 22:11:48 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/09 22:11:47 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/03/09 22:11:22 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/09 06:22:28 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120315.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/03/02 19:59:42 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120302.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/01/17 19:46:01 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1306010.008\symtdi.sys -- (SYMTDI)
DRV - [2012/01/17 19:45:57 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1306010.008\symefa.sys -- (SymEFA)
DRV - [2012/01/17 19:35:24 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1306010.008\ironx86.sys -- (SymIRON)
DRV - [2012/01/17 19:33:51 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1306010.008\srtsp.sys -- (SRTSP)
DRV - [2012/01/17 19:33:51 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1306010.008\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/29 19:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1306010.008\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011/11/08 18:49:55 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/11/07 22:50:31 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2011/07/25 22:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1306010.008\symds.sys -- (SymDS)
DRV - [2011/07/04 02:39:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011/07/04 02:39:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2011/04/08 18:24:24 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2011/04/08 18:23:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2011/03/29 20:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011/03/29 20:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/10/07 06:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Intel®
DRV - [2010/09/07 15:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/06/02 15:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/06/02 15:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/06/02 15:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010/05/19 23:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/03/26 05:08:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2010/02/11 10:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/05/09 06:50:48 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/02/22 17:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/08 10:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/11/06 18:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/02 02:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 02:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/02/02 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/04/15 01:13:00 | 000,339,488 | R--- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=111373&babsrc=HP_ss&mntrId=ccc553bb000000000000001302ace086
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111373&babsrc=SP_ss&mntrId=ccc553bb000000000000001302ace086
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19
IE - HKCU\..\SearchScopes\{F2E7149D-B214-4C0D-8259-56DA08825D45}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8MCDF&pc=B8MC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://wolfwall.com/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=111373&babsrc=adbartrp&mntrId=ccc553bb000000000000001302ace086&q="
FF - prefs.js..network.proxy.http: "184.164.157.186"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/03/09 19:47:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/03/14 15:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/09 22:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2011/11/09 16:05:06 | 000,000,000 | ---D | M]

[2011/11/07 18:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ScottRichardson\Application Data\Mozilla\Extensions
[2012/03/10 22:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ScottRichardson\Application Data\Mozilla\Firefox\Profiles\am4qjfx5.default\extensions
[2012/02/08 15:06:41 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Documents and Settings\ScottRichardson\Application Data\Mozilla\Firefox\Profiles\am4qjfx5.default\extensions\crossriderapp435@crossrider.com
[2012/03/09 22:03:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/09 19:04:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/09 19:02:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/10 22:32:20 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Documents and Settings\ScottRichardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\ScottRichardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\ScottRichardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Documents and Settings\ScottRichardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.14.36_0\
CHR - Extension: Gmail = C:\Documents and Settings\ScottRichardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Premiumplay Codec-C) - {11111111-1111-1111-1111-110011041135} - C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll (WebPicks)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.6.1.8\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\ScottRichardson\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O4 - Startup: C:\Documents and Settings\ScottRichardson\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/07 20:32:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/04/18 11:23:00 | 000,000,041 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{35f857c1-095a-11e1-98df-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{35f857c1-095a-11e1-98df-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35f857c1-095a-11e1-98df-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2001/04/30 13:33:00 | 000,032,768 | R--- | M] ()
O33 - MountPoints2\{939cd522-09af-11e1-ba70-001302ace086}\Shell - "" = AutoRun
O33 - MountPoints2\{939cd522-09af-11e1-ba70-001302ace086}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{939cd522-09af-11e1-ba70-001302ace086}\Shell\AutoRun\command - "" = E:\autoplay.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 10:01:16 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ScottRichardson\Desktop\OTL.exe
[2012/03/14 11:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottRichardson\Desktop\gmer
[2012/03/14 10:15:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\ScottRichardson\Desktop\dds.scr
[2012/03/13 19:41:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/03/11 15:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottRichardson\Start Menu\Programs\Diablo II
[2012/03/11 14:51:55 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2012/03/11 14:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo II
[2012/03/11 14:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2012/03/11 14:16:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EB424B13-2E57-4A45-936F-A4DFB6DB1688}
[2012/03/10 22:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Premium
[2012/03/10 22:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012/03/10 22:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottRichardson\Local Settings\Application Data\Babylon
[2012/03/10 22:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottRichardson\Application Data\Babylon
[2012/03/10 22:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/03/09 23:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottRichardson\Local Settings\Application Data\NPE
[2012/03/09 22:10:26 | 000,388,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symtdi.sys
[2012/03/09 22:10:26 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symtdiv.sys
[2012/03/09 22:10:25 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symnets.sys
[2012/03/09 22:10:24 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symefa.sys
[2012/03/09 22:10:23 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symds.sys
[2012/03/09 22:10:23 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1306010.008\srtspx.sys
[2012/03/09 22:10:22 | 000,574,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1306010.008\srtsp.sys
[2012/03/09 22:10:22 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1306010.008\ironx86.sys
[2012/03/09 22:10:22 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1306010.008\ccsetx86.sys
[2012/03/09 22:08:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1306010.008
[2012/03/09 21:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottRichardson\My Documents\Symantec
[2012/03/09 19:46:19 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/03/09 19:46:19 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/03/09 19:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/03/09 19:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/03/09 19:43:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2012/03/09 19:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/03/09 19:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/03/09 19:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/03/09 19:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/03/09 19:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/03/09 19:29:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/03/09 19:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/03/09 18:05:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ScottRichardson\Start Menu\Programs\Administrative Tools
[2012/03/09 17:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/03/09 17:07:15 | 000,000,000 | ---D | C] -- C:\AMD
[2012/03/09 15:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/09 11:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottRichardson\Application Data\Incredibar.com
[2012/03/09 11:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottRichardson\Application Data\ElevatedDiagnostics
[2012/03/09 11:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/09 11:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/03/09 11:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottRichardson\Start Menu\Programs\Google Chrome
[2012/02/27 09:27:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/02/26 20:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottRichardson\Local Settings\Application Data\TQVault
[2012/02/26 20:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Soul's Software
[2012/02/25 13:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2012/02/15 15:28:48 | 000,339,320 | ---- | C] (Hide My IP) -- C:\WINDOWS\System32\HMIPCore.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/15 10:04:09 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/03/15 10:01:18 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ScottRichardson\Desktop\OTL.exe
[2012/03/14 22:29:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1645522239-839522115-1003UA.job
[2012/03/14 20:06:15 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/03/14 15:10:11 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012/03/14 15:10:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/14 15:09:50 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012/03/14 15:09:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/14 11:02:43 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\ScottRichardson\Desktop\gmer.zip
[2012/03/14 10:29:49 | 000,434,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 10:29:49 | 000,068,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/14 10:29:03 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1645522239-839522115-1003Core.job
[2012/03/14 10:15:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\ScottRichardson\Desktop\dds.scr
[2012/03/14 10:13:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ScottRichardson\defogger_reenable
[2012/03/14 10:12:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\ScottRichardson\Desktop\Defogger.exe
[2012/03/13 15:38:37 | 000,008,727 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\VT20120301.009
[2012/03/13 11:44:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/11 15:12:26 | 000,035,452 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2012/03/11 15:08:56 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/03/11 15:08:56 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/03/11 15:08:56 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2012/03/11 15:08:21 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\ScottRichardson\Desktop\Diablo II - Lord of Destruction.lnk
[2012/03/11 14:51:55 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2012/03/11 14:51:55 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2012/03/11 14:19:26 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\ScottRichardson\Start Menu\Programs\Startup\Impulse Now.lnk
[2012/03/11 14:18:39 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GameStop.lnk
[2012/03/10 22:33:50 | 000,000,686 | ---- | M] () -- C:\user.js
[2012/03/10 18:00:16 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/10 14:33:51 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/10 00:14:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/03/10 00:07:53 | 001,070,935 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\Cat.DB
[2012/03/09 22:38:27 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/03/09 22:11:22 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/03/09 22:11:22 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/03/09 22:11:22 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/03/09 22:11:22 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/03/09 22:03:04 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\ScottRichardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/09 22:03:04 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/09 19:31:35 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/09 18:17:56 | 000,000,188 | ---- | M] () -- C:\WINDOWS\x
[2012/03/09 11:27:19 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\ScottRichardson\Desktop\Google Chrome.lnk
[2012/03/09 11:27:19 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\ScottRichardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/25 02:08:39 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\isolate.ini
[2012/02/16 12:57:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/14 11:02:40 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\ScottRichardson\Desktop\gmer.zip
[2012/03/14 10:13:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ScottRichardson\defogger_reenable
[2012/03/14 10:12:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\ScottRichardson\Desktop\Defogger.exe
[2012/03/13 15:39:39 | 000,008,727 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\VT20120301.009
[2012/03/11 15:08:21 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\ScottRichardson\Desktop\Diablo II - Lord of Destruction.lnk
[2012/03/11 14:51:59 | 000,035,452 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2012/03/11 14:51:55 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2012/03/09 22:36:38 | 001,070,935 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\Cat.DB
[2012/03/09 22:10:26 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symnetv.inf
[2012/03/09 22:10:25 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symnetv.cat
[2012/03/09 22:10:25 | 000,001,441 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symnet.inf
[2012/03/09 22:10:24 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symnet.cat
[2012/03/09 22:10:24 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symefa.cat
[2012/03/09 22:10:24 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symefa.inf
[2012/03/09 22:10:23 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symds.cat
[2012/03/09 22:10:23 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\srtspx.cat
[2012/03/09 22:10:23 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\symds.inf
[2012/03/09 22:10:23 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\srtspx.inf
[2012/03/09 22:10:22 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\srtsp.cat
[2012/03/09 22:10:22 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\iron.cat
[2012/03/09 22:10:22 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\srtsp.inf
[2012/03/09 22:10:22 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\iron.inf
[2012/03/09 22:10:21 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\ccsetx86.cat
[2012/03/09 22:10:21 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\ccsetx86.inf
[2012/03/09 22:08:54 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1306010.008\isolate.ini
[2012/03/09 22:03:04 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\ScottRichardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/09 22:03:04 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/09 22:03:03 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/09 19:46:19 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/03/09 19:46:19 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/03/09 19:46:07 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/03/09 18:20:28 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin
[2012/03/09 11:27:19 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\ScottRichardson\Desktop\Google Chrome.lnk
[2012/03/09 11:27:19 | 000,002,336 | ---- | C] () -- C:\Documents and Settings\ScottRichardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/09 11:24:34 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1645522239-839522115-1003UA.job
[2012/03/09 11:24:30 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1645522239-839522115-1003Core.job
[2012/03/01 01:36:27 | 000,914,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/16 12:09:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 12:09:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/01/24 17:07:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/01/24 17:07:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/01/24 17:07:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/11/12 22:14:50 | 000,011,969 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2011/11/11 23:15:20 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/11/08 21:06:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2011/11/08 20:53:23 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2011/11/08 20:24:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2011/11/08 20:22:42 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011/11/08 19:42:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/11/08 19:29:52 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/11/08 19:29:52 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/11/08 19:29:50 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/11/08 08:49:02 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/11/07 21:34:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/07 21:16:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/07 20:41:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 20:38:50 | 000,163,896 | ---- | C] () -- C:\WINDOWS\sequencer.exe
[2011/11/07 20:36:28 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/11/07 20:35:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 20:28:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/07 19:39:08 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/11/07 19:39:07 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/11/07 19:39:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/11/07 12:21:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/07 12:19:25 | 000,218,448 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========


< %systemroot%\*. /rp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e] -> C:\WINDOWS\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e] -> C:\WINDOWS\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\LOG\2.0.3559.24651__90ba9c70f846762e] -> C:\WINDOWS\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3559.24651_x-ww_c3393379 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e] -> C:\WINDOWS\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8 -> Junction

< End of report >

#4 sarichardson

Posted 15 March 2012 - 09:55 AM

The original post was too long to include all three logs so I will post them separately.


Extras.txt

OTL Extras logfile created on: 3/15/2012 10:03:15 AM - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Documents and Settings\ScottRichardson\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.36 Mb Total Physical Memory | 300.06 Mb Available Physical Memory | 29.35% Memory free
2.40 Gb Paging File | 1.32 Gb Available in Paging File | 55.18% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.64 Gb Total Space | 11.57 Gb Free Space | 22.41% Space Free | Partition Type: NTFS
Drive D: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SCOTT | User Name: ScottRichardson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00997239-8A42-DEA0-7FA0-1AF26D4174D4}" = CCC Help Dutch
"{01B98AF5-3F68-2B2A-96A9-756427755EE1}" = CCC Help Japanese
"{03694711-6C4B-0CF0-5774-22130FCE0B85}" = Catalyst Control Center Graphics Light
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0F27E26B-6B0D-3339-9C3D-9D9553F0474A}" = Catalyst Control Center Localization All
"{11E48F3E-8975-FEDB-D68C-ED6A5C3DEA43}" = CCC Help Korean
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{137DCFE3-F690-9908-5E9E-9CB49FA89D2B}" = ccc-core-preinstall
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{2ABCF36B-7253-88EE-E3EE-0239EED2C935}" = CCC Help Spanish
"{2C996783-CAE7-C5B5-DDF5-88613DCFC907}" = Skins
"{2ECFBC62-FC62-CA66-8C85-FC867A6E2ECB}" = CCC Help Portuguese
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FE3D6A5-2F5E-4870-A3AC-D1D88E0B2797}" = Intel® PROSet/Wireless WiFi Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53823917-21A6-A0EE-9F4B-F9F153C8C075}" = Catalyst Control Center Graphics Full Existing
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69F30A63-7771-9A9E-3881-4C71B1904492}" = ccc-utility
"{6B707CD5-2425-00B2-B5C8-677862351118}" = CCC Help German
"{71A4AF1A-9C08-9EC0-D246-C120866B798C}" = Catalyst Control Center Core Implementation
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F571DE-144F-E890-CDFA-020241BC5201}" = ccc-core-static
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797A9B18-BC2A-C4DD-AF56-0E89699B8030}" = CCC Help Chinese Traditional
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}" = System Migration Assistant
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9FABBC7B-287C-90FD-050E-FB51EA2FF60F}" = CCC Help Italian
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A2D1C130-C6AB-D8FD-10FC-942FFB9A64F8}" = CCC Help Chinese Standard
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7ACD5B8-72E1-5E50-E8CF-748E5F224F27}" = Catalyst Control Center Graphics Full New
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{BBE9576A-0405-F53B-1B69-65D993A13A01}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF292E8C-9606-3B51-6EEF-6AA7D254A30A}" = CCC Help Swedish
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{F015E93D-8D56-D76A-6B7D-A3C171471DEC}" = CCC Help French
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AwayTask" = Maintenance Manager
"BabylonToolbar" = Babylon toolbar on IE
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem
"Diablo II" = Diablo II
"DMX5_is1" = DriverMax 5
"ie8" = Windows Internet Explorer 8
"Impulse®" = Impulse®
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NIS" = Norton Internet Security
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo System Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"Premiumplay Codec-C" = Premiumplay Codec-C
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TN33PCSCDriver_is1" = TN33 PCSC Driver Stack 1.0
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2012 7:16:22 PM | Computer Name = SCOTT | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/9/2012 7:20:28 PM | Computer Name = SCOTT | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/9/2012 7:21:26 PM | Computer Name = SCOTT | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/9/2012 7:25:23 PM | Computer Name = SCOTT | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/9/2012 9:51:30 PM | Computer Name = SCOTT | Source = Application Error | ID = 1000
Description = Faulting application tvtpwm_tray.exe, version 2.10.302.0, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00010b2c.

Error - 3/9/2012 11:16:52 PM | Computer Name = SCOTT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/2012 11:17:16 PM | Computer Name = SCOTT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/14/2012 10:29:46 AM | Computer Name = SCOTT | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 11038, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 3/14/2012 10:29:46 AM | Computer Name = SCOTT | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 3/14/2012 10:29:49 AM | Computer Name = SCOTT | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 11038, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 3/9/2012 7:25:24 PM | Computer Name = SCOTT | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 3/9/2012 7:25:24 PM | Computer Name = SCOTT | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 3/9/2012 7:25:24 PM | Computer Name = SCOTT | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 3/9/2012 9:50:21 PM | Computer Name = SCOTT | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 3/9/2012 10:45:02 PM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 3/9/2012 10:45:02 PM | Computer Name = SCOTT | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 3/9/2012 10:45:03 PM | Computer Name = SCOTT | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 3/9/2012 11:18:57 PM | Computer Name = SCOTT | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 3/10/2012 2:34:13 PM | Computer Name = SCOTT | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 3/10/2012 2:35:51 PM | Computer Name = SCOTT | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SMR250\0000 disappeared from the system without
first being prepared for removal.


< End of report >

#5 sarichardson

Posted 15 March 2012 - 09:58 AM

The GMER log is too long to post. I will include the file as an attachment. If that does not work let me know and I will split it up into multiple posts.

Attached Files

  • Attached File  ark.txt   177.11KB   3 downloads


#6 RPMcMurphy

Posted 15 March 2012 - 10:03 PM

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{35f857c1-095a-11e1-98df-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{35f857c1-095a-11e1-98df-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{35f857c1-095a-11e1-98df-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2001/04/30 13:33:00 | 000,032,768 | R--- | M] ()
    O33 - MountPoints2\{939cd522-09af-11e1-ba70-001302ace086}\Shell - "" = AutoRun
    O33 - MountPoints2\{939cd522-09af-11e1-ba70-001302ace086}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{939cd522-09af-11e1-ba70-001302ace086}\Shell\AutoRun\command - "" = E:\autoplay.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe
    FF - prefs.js..network.proxy.http: "184.164.157.186"
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.type: 4
    :Commands
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed, click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • OTL Fix log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 sarichardson

Posted 16 March 2012 - 03:18 PM

I have the log for OTL which I will include below. However, I had a problem with the ComboFix.

I downloaded it to my desktop, turned off the antivirus and ran the program. It installed the Windows Recovery Console and then started running. I let it run but after about ten minutes the screen went black. I thought it might be the screen saver but it never actually came up. I moved the mouse around, but never clicked the mouse, to see if that would get the screen to come back. I waited another twenty minutes or so but it still didn't do anything. The computer was still running but never did anything so I eventually just restarted the computer.

What would you like me to do? Thanks for your help.


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35f857c1-095a-11e1-98df-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35f857c1-095a-11e1-98df-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35f857c1-095a-11e1-98df-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35f857c1-095a-11e1-98df-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35f857c1-095a-11e1-98df-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35f857c1-095a-11e1-98df-806d6172696f}\ not found.
File D:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{939cd522-09af-11e1-ba70-001302ace086}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{939cd522-09af-11e1-ba70-001302ace086}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{939cd522-09af-11e1-ba70-001302ace086}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{939cd522-09af-11e1-ba70-001302ace086}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{939cd522-09af-11e1-ba70-001302ace086}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{939cd522-09af-11e1-ba70-001302ace086}\ not found.
File E:\autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe not found.
Prefs.js: "184.164.157.186" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 23076592 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: ScottRichardson
->Temp folder emptied: 2301976629 bytes
->Temporary Internet Files folder emptied: 770521651 bytes
->Java cache emptied: 102712 bytes
->FireFox cache emptied: 87419790 bytes
->Google Chrome cache emptied: 6123250 bytes
->Flash cache emptied: 1794 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24696155 bytes
%systemroot%\System32 .tmp files removed: 7103 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28314052 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 154707598 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 18834486 bytes

Total Files Cleaned = 3,258.00 mb


OTL by OldTimer - Version 3.2.37.0 log created on 03162012_144548

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_948.dat not found!

Registry entries deleted on Reboot...

#8 RPMcMurphy

Posted 16 March 2012 - 10:52 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to both available options
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Please include the following in your next post:
  • TDSSKiller log


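An added example, not part of the original posts and not part of TDSSKiller: a small Python triage script for the kind of log the steps above ask for. It groups each scanned object by its final status so that a long log can be read from the short "review first" list down. The function and class names are hypothetical, the sample lines are constructed placeholders, and the `infected` status in the sample is an assumption about how a non-warning verdict is written.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the "<time> <thread id> <message>" layout of a
# TDSSKiller log. Names, hashes, paths and the "infected" status are
# placeholders, not values taken from a real scan.
SAMPLE_LOG = r"""
12:00:00.0000 1000 Scan started
12:00:00.0000 1000 Mode: Manual; SigCheck; TDLFS;
12:00:01.0000 1000 exampledrv (00000000000000000000000000000001) C:\WINDOWS\system32\drivers\exampledrv.sys
12:00:01.0500 1000 exampledrv - ok
12:00:02.0000 1000 nofile - ok
12:00:03.0000 1000 olddrv (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\olddrv.sys
12:00:03.0100 1000 olddrv ( UnsignedFile.Multi.Generic ) - warning
12:00:03.0100 1000 olddrv - detected UnsignedFile.Multi.Generic (1)
12:00:04.0000 1000 \Device\Harddisk0\DR0 ( ExampleFamily.Placeholder ) - infected
12:00:04.0000 1000 \Device\Harddisk0\DR0 - detected ExampleFamily.Placeholder (0)
12:00:05.0000 1000 cutoff (00000000000000000000000000000003) C:\WINDOWS\system32\drivers\cutoff.sys
"""

# Timestamp, thread id, then the free-form message (which may be empty).
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\S+)\s*(.*)$")
# Message shapes for one scanned object.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<status>\w+)$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")
PATTERNS = (("file", FILE), ("verdict", VERDICT), ("detected", DETECTED), ("ok", OK))


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"  # stays "unknown" if the log ends before a status line
    verdicts: List[str] = field(default_factory=list)


def parse_log(text: str) -> Dict[str, ScanObject]:
    """Collect one ScanObject per service, driver or disk object in the log."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(3)
        for kind, rx in PATTERNS:
            hit = rx.match(msg)
            if hit:
                break
        else:
            continue  # header, separator or other informational line
        obj = objects.setdefault(hit["name"], ScanObject(hit["name"]))
        if kind == "file":
            obj.md5, obj.path = hit["md5"].lower(), hit["path"]
        elif kind == "ok":
            obj.status = "ok"
        else:
            if kind == "verdict":
                obj.status = hit["status"]
            if hit["verdict"] not in obj.verdicts:
                obj.verdicts.append(hit["verdict"])
    return objects


def triage(objects: Dict[str, ScanObject]) -> Dict[str, List[str]]:
    """Split objects into clean, unsigned-only, and everything else."""
    buckets: Dict[str, List[str]] = {"ok": [], "unsigned": [], "review_first": []}
    for obj in objects.values():
        if obj.status == "ok":
            buckets["ok"].append(obj.name)
        elif obj.verdicts and all(v.startswith("UnsignedFile.") for v in obj.verdicts):
            # Flagged only by the signature check, no other verdict recorded.
            buckets["unsigned"].append(obj.name)
        else:
            # Any other verdict, or an entry with no status line at all.
            buckets["review_first"].append(obj.name)
    return buckets


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for bucket, names in triage(parsed).items():
        print(f"{bucket}: {len(names)}")
        for name in names:
            o = parsed[name]
            print(f"  {name}  {', '.join(o.verdicts) or '-'}  {o.path or ''}")
```

An entry that has a file line but no status line, as happens when a pasted log is cut short, lands in `review_first` rather than being counted as clean.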

#9 sarichardson

Posted 17 March 2012 - 11:30 AM

I have run the TDSSKiller. It didn't have the cure option for any of the threats it found. The log is posted below.

Also, the ComboFix program disappeared. It was on my desktop but then when I logged in later it was gone. I never deleted it. Is it supposed to do that? I ran a search for the file but it is nowhere on my computer.


12:21:56.0328 4804 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
12:21:58.0328 4804 ============================================================
12:21:58.0390 4804 Current date / time: 2012/03/17 12:21:58.0328
12:21:58.0390 4804 SystemInfo:
12:21:58.0390 4804
12:21:58.0390 4804 OS Version: 5.1.2600 ServicePack: 2.0
12:21:58.0390 4804 Product type: Workstation
12:21:58.0390 4804 ComputerName: SCOTT
12:21:58.0390 4804 UserName: ScottRichardson
12:21:58.0390 4804 Windows directory: C:\WINDOWS
12:21:58.0390 4804 System windows directory: C:\WINDOWS
12:21:58.0390 4804 Processor architecture: Intel x86
12:21:58.0390 4804 Number of processors: 2
12:21:58.0390 4804 Page size: 0x1000
12:21:58.0390 4804 Boot type: Normal boot
12:21:58.0390 4804 ============================================================
12:22:11.0375 4804 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
12:22:11.0453 4804 \Device\Harddisk0\DR0:
12:22:11.0453 4804 MBR used
12:22:11.0453 4804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6749871
12:22:11.0546 4804 Initialize success
12:22:11.0546 4804 ============================================================
12:22:36.0031 5432 ============================================================
12:22:36.0031 5432 Scan started
12:22:36.0031 5432 Mode: Manual; SigCheck; TDLFS;
12:22:36.0031 5432 ============================================================
12:22:36.0671 5432 Abiosdsk - ok
12:22:36.0687 5432 abp480n5 - ok
12:22:36.0750 5432 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:22:38.0718 5432 ACPI - ok
12:22:38.0859 5432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:22:39.0921 5432 ACPIEC - ok
12:22:40.0046 5432 ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
12:22:40.0109 5432 ADIHdAudAddService - ok
12:22:40.0125 5432 adpu160m - ok
12:22:40.0140 5432 AEAudioService (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
12:22:40.0171 5432 AEAudioService - ok
12:22:40.0218 5432 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
12:22:41.0140 5432 aec - ok
12:22:41.0281 5432 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
12:22:41.0375 5432 AFD - ok
12:22:41.0390 5432 Aha154x - ok
12:22:41.0406 5432 aic78u2 - ok
12:22:41.0421 5432 aic78xx - ok
12:22:41.0437 5432 AliIde - ok
12:22:41.0453 5432 amsint - ok
12:22:41.0500 5432 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
12:22:41.0531 5432 ANC ( UnsignedFile.Multi.Generic ) - warning
12:22:41.0531 5432 ANC - detected UnsignedFile.Multi.Generic (1)
12:22:41.0546 5432 asc - ok
12:22:41.0562 5432 asc3350p - ok
12:22:41.0578 5432 asc3550 - ok
12:22:41.0625 5432 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:22:42.0609 5432 AsyncMac - ok
12:22:42.0734 5432 atapi (2218e3fd674dc284ce98c807086cab14) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:22:43.0937 5432 atapi - ok
12:22:44.0000 5432 Atdisk - ok
12:22:44.0234 5432 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:22:44.0468 5432 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
12:22:44.0468 5432 ati2mtag - detected UnsignedFile.Multi.Generic (1)
12:22:44.0609 5432 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:22:45.0609 5432 Atmarpc - ok
12:22:45.0718 5432 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
12:22:45.0812 5432 atmeltpm - ok
12:22:45.0859 5432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:22:46.0906 5432 audstub - ok
12:22:47.0015 5432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:22:48.0078 5432 Beep - ok
12:22:48.0281 5432 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120302.001\BHDrvx86.sys
12:22:48.0453 5432 BHDrvx86 - ok
12:22:48.0562 5432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:22:49.0593 5432 cbidf2k - ok
12:22:49.0750 5432 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1306010.008\ccSetx86.sys
12:22:49.0765 5432 ccSet_NIS - ok
12:22:49.0781 5432 cd20xrnt - ok
12:22:49.0828 5432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:22:50.0875 5432 Cdaudio - ok
12:22:51.0062 5432 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
12:22:52.0015 5432 Cdfs - ok
12:22:52.0125 5432 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:22:53.0593 5432 Cdrom - ok
12:22:53.0671 5432 Changer - ok
12:22:53.0734 5432 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:22:54.0750 5432 CmBatt - ok
12:22:54.0828 5432 CmdIde - ok
12:22:54.0875 5432 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:22:54.0890 5432 Compbatt ( UnsignedFile.Multi.Generic ) - warning
12:22:54.0890 5432 Compbatt - detected UnsignedFile.Multi.Generic (1)
12:22:54.0906 5432 Cpqarray - ok
12:22:54.0937 5432 dac2w2k - ok
12:22:54.0953 5432 dac960nt - ok
12:22:54.0968 5432 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
12:22:55.0937 5432 Disk - ok
12:22:56.0093 5432 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
12:22:56.0171 5432 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
12:22:56.0171 5432 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
12:22:56.0437 5432 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
12:22:56.0468 5432 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
12:22:56.0468 5432 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
12:22:56.0546 5432 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
12:22:56.0593 5432 DLADResN ( UnsignedFile.Multi.Generic ) - warning
12:22:56.0593 5432 DLADResN - detected UnsignedFile.Multi.Generic (1)
12:22:56.0625 5432 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
12:22:56.0671 5432 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
12:22:56.0671 5432 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
12:22:56.0734 5432 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
12:22:56.0750 5432 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
12:22:56.0750 5432 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
12:22:56.0859 5432 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
12:22:56.0890 5432 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
12:22:56.0890 5432 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
12:22:56.0906 5432 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
12:22:56.0937 5432 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
12:22:56.0937 5432 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
12:22:56.0968 5432 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
12:22:56.0968 5432 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
12:22:56.0968 5432 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
12:22:57.0000 5432 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
12:22:57.0031 5432 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
12:22:57.0031 5432 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
12:22:57.0171 5432 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
12:22:58.0187 5432 dmboot - ok
12:22:58.0359 5432 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
12:22:59.0484 5432 dmio - ok
12:22:59.0593 5432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:23:00.0656 5432 dmload - ok
12:23:00.0796 5432 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
12:23:01.0812 5432 DMusic - ok
12:23:01.0937 5432 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
12:23:01.0953 5432 DozeHDD - ok
12:23:01.0968 5432 dpti2o - ok
12:23:02.0015 5432 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
12:23:02.0984 5432 drmkaud - ok
12:23:03.0109 5432 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
12:23:03.0140 5432 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
12:23:03.0140 5432 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
12:23:03.0156 5432 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
12:23:03.0187 5432 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
12:23:03.0187 5432 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
12:23:03.0234 5432 e1express (c537b7a32dc4d9b0112ed68bdc8395e2) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
12:23:03.0265 5432 e1express - ok
12:23:03.0375 5432 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:23:03.0421 5432 eeCtrl - ok
12:23:03.0453 5432 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:23:03.0484 5432 EraserUtilRebootDrv - ok
12:23:03.0531 5432 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
12:23:04.0578 5432 Fastfat - ok
12:23:04.0703 5432 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
12:23:05.0703 5432 Fdc - ok
12:23:05.0828 5432 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
12:23:05.0843 5432 Fips ( UnsignedFile.Multi.Generic ) - warning
12:23:05.0843 5432 Fips - detected UnsignedFile.Multi.Generic (1)
12:23:05.0875 5432 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:23:06.0875 5432 Flpydisk - ok
12:23:06.0984 5432 FltMgr (54fd90f0038f07920cb9fb6591bde82f) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:23:08.0234 5432 FltMgr - ok
12:23:08.0359 5432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:23:09.0562 5432 Fs_Rec - ok
12:23:09.0687 5432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:23:10.0750 5432 Ftdisk - ok
12:23:10.0859 5432 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:23:11.0953 5432 Gpc - ok
12:23:12.0062 5432 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:23:12.0140 5432 HDAudBus - ok
12:23:12.0218 5432 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:23:13.0218 5432 HidUsb - ok
12:23:13.0296 5432 hpn - ok
12:23:13.0359 5432 HSFHWAZL (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:23:13.0375 5432 HSFHWAZL - ok
12:23:13.0437 5432 HSF_DPV (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:23:13.0515 5432 HSF_DPV - ok
12:23:13.0640 5432 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
12:23:13.0718 5432 HTTP - ok
12:23:13.0796 5432 i2omgmt - ok
12:23:13.0812 5432 i2omp - ok
12:23:13.0859 5432 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:23:14.0937 5432 i8042prt - ok
12:23:15.0046 5432 IBMPMDRV (e3ffc8cb45b3f55264ee10f084b2731b) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
12:23:15.0062 5432 IBMPMDRV - ok
12:23:15.0109 5432 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
12:23:15.0156 5432 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
12:23:15.0156 5432 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
12:23:15.0296 5432 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120316.005\IDSxpx86.sys
12:23:15.0343 5432 IDSxpx86 - ok
12:23:15.0359 5432 Imapi (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:23:16.0875 5432 Imapi - ok
12:23:16.0953 5432 ini910u - ok
12:23:16.0968 5432 IntelIde - ok
12:23:17.0031 5432 intelppm (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:23:18.0437 5432 intelppm - ok
12:23:18.0578 5432 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:23:19.0609 5432 Ip6Fw - ok
12:23:19.0734 5432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:23:20.0734 5432 IpFilterDriver - ok
12:23:20.0953 5432 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:23:22.0171 5432 IpInIp - ok
12:23:22.0296 5432 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:23:23.0156 5432 IpNat - ok
12:23:23.0281 5432 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:23:24.0218 5432 IPSec - ok
12:23:24.0328 5432 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
12:23:25.0265 5432 irda - ok
12:23:25.0375 5432 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:23:26.0375 5432 IRENUM - ok
12:23:26.0500 5432 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:23:26.0515 5432 isapnp ( UnsignedFile.Multi.Generic ) - warning
12:23:26.0515 5432 isapnp - detected UnsignedFile.Multi.Generic (1)
12:23:26.0546 5432 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:23:27.0515 5432 Kbdclass - ok
12:23:27.0640 5432 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
12:23:28.0593 5432 kmixer - ok
12:23:28.0718 5432 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
12:23:28.0796 5432 KSecDD - ok
12:23:28.0812 5432 lbrtfdc - ok
12:23:28.0859 5432 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys
12:23:28.0890 5432 lenovo.smi - ok
12:23:28.0937 5432 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:23:28.0968 5432 mdmxsdk - ok
12:23:29.0031 5432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:23:30.0671 5432 mnmdd - ok
12:23:30.0796 5432 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
12:23:31.0796 5432 Modem - ok
12:23:31.0906 5432 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:23:32.0890 5432 Mouclass - ok
12:23:33.0000 5432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:23:34.0000 5432 mouhid - ok
12:23:34.0109 5432 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
12:23:35.0031 5432 MountMgr - ok
12:23:35.0125 5432 MpKsled900b14 - ok
12:23:35.0250 5432 mraid35x - ok
12:23:35.0296 5432 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:23:36.0140 5432 MRxDAV - ok
12:23:36.0312 5432 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:23:36.0390 5432 MRxSmb - ok
12:23:36.0421 5432 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
12:23:37.0375 5432 Msfs - ok
12:23:37.0468 5432 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:23:38.0468 5432 MSKSSRV - ok
12:23:38.0562 5432 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:23:39.0562 5432 MSPCLOCK - ok
12:23:39.0687 5432 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
12:23:40.0625 5432 MSPQM - ok
12:23:40.0734 5432 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:23:41.0687 5432 mssmbios - ok
12:23:41.0796 5432 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
12:23:42.0812 5432 Mup - ok
12:23:42.0953 5432 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120316.035\NAVENG.SYS
12:23:42.0968 5432 NAVENG - ok
12:23:43.0078 5432 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120316.035\NAVEX15.SYS
12:23:43.0187 5432 NAVEX15 - ok
12:23:43.0343 5432 NDIS (bc84c4f67d0e880b0c46dc0ce2b8cbaa) C:\WINDOWS\system32\drivers\NDIS.sys
12:23:44.0640 5432 NDIS - ok
12:23:44.0781 5432 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:23:44.0796 5432 NdisTapi ( UnsignedFile.Multi.Generic ) - warning
12:23:44.0796 5432 NdisTapi - detected UnsignedFile.Multi.Generic (1)
12:23:44.0843 5432 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:23:46.0109 5432 Ndisuio - ok
12:23:46.0234 5432 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:23:47.0125 5432 NdisWan - ok
12:23:47.0265 5432 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
12:23:47.0296 5432 NDProxy ( UnsignedFile.Multi.Generic ) - warning
12:23:47.0296 5432 NDProxy - detected UnsignedFile.Multi.Generic (1)
12:23:47.0328 5432 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:23:48.0296 5432 NetBIOS - ok
12:23:48.0421 5432 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:23:49.0437 5432 NetBT - ok
12:23:49.0859 5432 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
12:23:50.0515 5432 NETwLx32 - ok
12:23:50.0640 5432 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
12:23:51.0656 5432 Npfs - ok
12:23:51.0765 5432 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
12:23:52.0703 5432 NSCIRDA - ok
12:23:52.0828 5432 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
12:23:53.0812 5432 Ntfs - ok
12:23:53.0921 5432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:23:54.0890 5432 Null - ok
12:23:54.0984 5432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:23:55.0937 5432 NwlnkFlt - ok
12:23:56.0046 5432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:23:57.0000 5432 NwlnkFwd - ok
12:23:57.0125 5432 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
12:23:58.0015 5432 Parport - ok
12:23:58.0140 5432 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
12:23:58.0140 5432 PartMgr ( UnsignedFile.Multi.Generic ) - warning
12:23:58.0140 5432 PartMgr - detected UnsignedFile.Multi.Generic (1)
12:23:58.0187 5432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:23:59.0156 5432 ParVdm - ok
12:23:59.0265 5432 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
12:24:00.0140 5432 PCI - ok
12:24:00.0218 5432 PCIDump - ok
12:24:00.0250 5432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:24:01.0109 5432 PCIIde - ok
12:24:01.0328 5432 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:24:02.0328 5432 Pcmcia - ok
12:24:02.0515 5432 PDCOMP - ok
12:24:02.0531 5432 PDFRAME - ok
12:24:02.0546 5432 PDRELI - ok
12:24:02.0562 5432 PDRFRAME - ok
12:24:02.0578 5432 perc2 - ok
12:24:02.0593 5432 perc2hib - ok
12:24:02.0671 5432 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
12:24:02.0703 5432 pmem ( UnsignedFile.Multi.Generic ) - warning
12:24:02.0703 5432 pmem - detected UnsignedFile.Multi.Generic (1)
12:24:02.0750 5432 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:24:03.0765 5432 PptpMiniport - ok
12:24:03.0890 5432 PRISM_A02 (57e95881e5f014816a8a53ad94ee0c48) C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys
12:24:03.0984 5432 PRISM_A02 - ok
12:24:04.0031 5432 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
12:24:04.0046 5432 PROCDD - ok
12:24:04.0093 5432 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
12:24:04.0125 5432 psadd - ok
12:24:04.0171 5432 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
12:24:05.0093 5432 PSched - ok
12:24:05.0250 5432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:24:06.0187 5432 Ptilink - ok
12:24:06.0296 5432 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:24:06.0312 5432 PxHelp20 - ok
12:24:06.0328 5432 ql1080 - ok
12:24:06.0343 5432 Ql10wnt - ok
12:24:06.0359 5432 ql12160 - ok
12:24:06.0375 5432 ql1240 - ok
12:24:06.0390 5432 ql1280 - ok
12:24:06.0437 5432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:24:07.0421 5432 RasAcd - ok
12:24:07.0531 5432 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
12:24:08.0437 5432 Rasirda - ok
12:24:08.0546 5432 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:24:09.0500 5432 Rasl2tp - ok
12:24:09.0625 5432 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:24:10.0562 5432 RasPppoe - ok
12:24:10.0671 5432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:24:11.0625 5432 Raspti - ok
12:24:11.0750 5432 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:24:12.0703 5432 Rdbss - ok
12:24:12.0812 5432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:24:13.0984 5432 RDPCDD - ok
12:24:14.0171 5432 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:24:15.0093 5432 rdpdr - ok
12:24:15.0218 5432 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
12:24:16.0140 5432 RDPWD - ok
12:24:16.0250 5432 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:24:17.0250 5432 redbook - ok
12:24:17.0375 5432 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:24:17.0390 5432 s24trans ( UnsignedFile.Multi.Generic ) - warning
12:24:17.0390 5432 s24trans - detected UnsignedFile.Multi.Generic (1)
12:24:17.0437 5432 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:24:18.0484 5432 Secdrv - ok
12:24:18.0609 5432 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
12:24:19.0656 5432 Serial - ok
12:24:19.0781 5432 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:24:20.0781 5432 Sfloppy - ok
12:24:20.0921 5432 Shockprf (1624530d05155f4e5a4736531523bff5) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
12:24:20.0937 5432 Shockprf - ok
12:24:20.0953 5432 Simbad - ok
12:24:21.0000 5432 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
12:24:21.0031 5432 Smapint ( UnsignedFile.Multi.Generic ) - warning
12:24:21.0031 5432 Smapint - detected UnsignedFile.Multi.Generic (1)
12:24:21.0046 5432 Sparrow - ok
12:24:21.0093 5432 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
12:24:22.0062 5432 splitter - ok
12:24:22.0187 5432 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
12:24:23.0093 5432 sr - ok
12:24:23.0265 5432 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\WINDOWS\System32\Drivers\NIS\1306010.008\SRTSP.SYS
12:24:23.0312 5432 SRTSP - ok
12:24:23.0359 5432 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\WINDOWS\system32\drivers\NIS\1306010.008\SRTSPX.SYS
12:24:23.0375 5432 SRTSPX - ok
12:24:23.0437 5432 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
12:24:23.0546 5432 Srv - ok
12:24:23.0656 5432 SWDUMon (ab7f6435b3dc381919c3e2cb4d94c7fb) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
12:24:23.0687 5432 SWDUMon - ok
12:24:23.0734 5432 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:24:25.0078 5432 swenum - ok
12:24:25.0218 5432 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
12:24:25.0250 5432 swmidi ( UnsignedFile.Multi.Generic ) - warning
12:24:25.0250 5432 swmidi - detected UnsignedFile.Multi.Generic (1)
12:24:25.0265 5432 symc810 - ok
12:24:25.0281 5432 symc8xx - ok
12:24:25.0359 5432 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1306010.008\SYMDS.SYS
12:24:25.0390 5432 SymDS - ok
12:24:25.0468 5432 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1306010.008\SYMEFA.SYS
12:24:25.0531 5432 SymEFA - ok
12:24:25.0640 5432 SymEvent (555fb450fe6908600310e990738b41d6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:24:25.0671 5432 SymEvent - ok
12:24:25.0734 5432 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1306010.008\Ironx86.SYS
12:24:25.0765 5432 SymIRON - ok
12:24:25.0796 5432 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1306010.008\SYMTDI.SYS
12:24:25.0843 5432 SYMTDI - ok
12:24:25.0859 5432 sym_hi - ok
12:24:25.0875 5432 sym_u3 - ok
12:24:25.0984 5432 SynTP (7e194e86bf306e07470a0ac56b41de83) C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:24:26.0078 5432 SynTP - ok
12:24:26.0203 5432 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
12:24:27.0140 5432 sysaudio - ok
12:24:27.0281 5432 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:24:28.0218 5432 Tcpip - ok
12:24:28.0328 5432 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:24:29.0593 5432 TDPIPE - ok
12:24:29.0703 5432 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
12:24:29.0734 5432 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
12:24:29.0734 5432 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
12:24:29.0765 5432 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
12:24:30.0781 5432 TDTCP - ok
12:24:30.0906 5432 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:24:31.0906 5432 TermDD - ok
12:24:32.0000 5432 TosIde - ok
12:24:32.0031 5432 TPDIGIMN (d2378fbbd668d9fe9b6b5e3139d506d3) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
12:24:32.0062 5432 TPDIGIMN - ok
12:24:32.0109 5432 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
12:24:32.0187 5432 TPHKDRV - ok
12:24:32.0250 5432 TPPWRIF (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys
12:24:32.0265 5432 TPPWRIF - ok
12:24:32.0328 5432 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
12:24:32.0343 5432 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
12:24:32.0343 5432 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
12:24:32.0390 5432 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
12:24:32.0453 5432 tvtfilter - ok
12:24:32.0500 5432 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
12:24:32.0515 5432 TVTI2C - ok
12:24:32.0562 5432 tvtumon (a6e0aafbe64592871f9a9f38a61c1fa5) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
12:24:32.0593 5432 tvtumon - ok
12:24:32.0703 5432 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
12:24:33.0718 5432 Udfs - ok
12:24:33.0796 5432 ultra - ok
12:24:33.0859 5432 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
12:24:34.0875 5432 Update - ok
12:24:35.0000 5432 usbehci (4ffaea1bd071a72dfb76519f5b1da956) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:24:35.0046 5432 usbehci - ok
12:24:35.0093 5432 usbhub (d31e07bf822c7f2bd32714e9ddca8be2) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:24:36.0312 5432 usbhub - ok
12:24:36.0453 5432 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:24:37.0734 5432 USBSTOR - ok
12:24:37.0859 5432 usbuhci (1590742573fcafdd9c837478eb1846a4) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:24:37.0890 5432 usbuhci - ok
12:24:37.0953 5432 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
12:24:38.0937 5432 VgaSave - ok
12:24:39.0015 5432 ViaIde - ok
12:24:39.0062 5432 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
12:24:40.0062 5432 VolSnap - ok
12:24:40.0218 5432 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:24:41.0125 5432 Wanarp - ok
12:24:41.0281 5432 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:24:41.0312 5432 Wdf01000 - ok
12:24:41.0328 5432 WDICA - ok
12:24:41.0390 5432 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
12:24:42.0359 5432 wdmaud - ok
12:24:42.0515 5432 winachsf (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:24:42.0562 5432 winachsf - ok
12:24:42.0640 5432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:24:43.0656 5432 WS2IFSL - ok
12:24:43.0781 5432 WSIMD (21ac4f228f3d36876a42277c76a766c0) C:\WINDOWS\system32\DRIVERS\wsimd.sys
12:24:43.0812 5432 WSIMD ( UnsignedFile.Multi.Generic ) - warning
12:24:43.0812 5432 WSIMD - detected UnsignedFile.Multi.Generic (1)
12:24:43.0843 5432 MBR (0x1B8) (d6551d046f2048d9572bdf4c367dcf90) \Device\Harddisk0\DR0
12:24:43.0921 5432 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:24:43.0921 5432 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:24:43.0937 5432 Boot (0x1200) (a3c6af6b2d7110fa6393850e6a6d15d3) \Device\Harddisk0\DR0\Partition0
12:24:43.0937 5432 \Device\Harddisk0\DR0\Partition0 - ok
12:24:43.0937 5432 ============================================================
12:24:43.0937 5432 Scan finished
12:24:43.0937 5432 ============================================================
12:24:44.0046 3344 Detected object count: 28
12:24:44.0046 3344 Actual detected object count: 28
12:25:17.0015 3344 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0015 3344 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0015 3344 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0015 3344 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0015 3344 Compbatt ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0015 3344 Compbatt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0015 3344 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0015 3344 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0031 3344 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0031 3344 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0031 3344 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0031 3344 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0031 3344 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0031 3344 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0031 3344 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0031 3344 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0031 3344 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0031 3344 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0031 3344 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0031 3344 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0046 3344 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0046 3344 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0046 3344 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0046 3344 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0046 3344 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0046 3344 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0046 3344 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0046 3344 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0046 3344 Fips ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0046 3344 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0062 3344 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0062 3344 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0062 3344 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0062 3344 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0062 3344 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0062 3344 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0062 3344 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0062 3344 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0062 3344 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0062 3344 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0062 3344 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0062 3344 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0078 3344 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0078 3344 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0078 3344 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0078 3344 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0078 3344 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0078 3344 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0078 3344 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0078 3344 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0078 3344 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0078 3344 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0093 3344 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user
12:25:17.0093 3344 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:25:17.0093 3344 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:25:17.0093 3344 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#10 RPMcMurphy

Posted 17 March 2012 - 09:12 PM

Your antivirus probably ate ComboFix. Don't worry about it right now. Do this next, please:

Run TDSSKiller again, but this time choose "Delete" for this detection when it comes up:

\Device\Harddisk0\DR0 ( TDSS File System )

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A small window should open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

Please include the following in your next post:
  • TDSSKiller log
  • MBRCheck log

Edited by RPMcMurphy, 17 March 2012 - 09:12 PM.


#11 sarichardson

Posted 18 March 2012 - 11:07 AM

11:59:31.0250 3168 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
11:59:31.0953 3168 ============================================================
11:59:31.0953 3168 Current date / time: 2012/03/18 11:59:31.0953
11:59:31.0953 3168 SystemInfo:
11:59:31.0953 3168
11:59:31.0953 3168 OS Version: 5.1.2600 ServicePack: 2.0
11:59:31.0953 3168 Product type: Workstation
11:59:31.0953 3168 ComputerName: SCOTT
11:59:31.0953 3168 UserName: ScottRichardson
11:59:31.0953 3168 Windows directory: C:\WINDOWS
11:59:31.0953 3168 System windows directory: C:\WINDOWS
11:59:31.0953 3168 Processor architecture: Intel x86
11:59:31.0953 3168 Number of processors: 2
11:59:31.0953 3168 Page size: 0x1000
11:59:31.0953 3168 Boot type: Normal boot
11:59:31.0953 3168 ============================================================
11:59:35.0156 3168 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:59:35.0156 3168 \Device\Harddisk0\DR0:
11:59:35.0156 3168 MBR used
11:59:35.0156 3168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6749871
11:59:35.0187 3168 Initialize success
11:59:35.0187 3168 ============================================================
11:59:43.0140 3664 ============================================================
11:59:43.0140 3664 Scan started
11:59:43.0140 3664 Mode: Manual; SigCheck; TDLFS;
11:59:43.0140 3664 ============================================================
11:59:43.0421 3664 Abiosdsk - ok
11:59:43.0453 3664 abp480n5 - ok
11:59:43.0531 3664 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:59:45.0281 3664 ACPI - ok
11:59:45.0421 3664 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:59:45.0593 3664 ACPIEC - ok
11:59:45.0656 3664 ADIHdAudAddService (77bbece0320a15275f8a6afc70b3e359) C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:59:45.0718 3664 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - warning
11:59:45.0718 3664 ADIHdAudAddService - detected UnsignedFile.Multi.Generic (1)
11:59:45.0734 3664 adpu160m - ok
11:59:45.0781 3664 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
11:59:46.0031 3664 aec - ok
11:59:46.0062 3664 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
11:59:46.0109 3664 AFD - ok
11:59:46.0171 3664 Aha154x - ok
11:59:46.0187 3664 aic78u2 - ok
11:59:46.0203 3664 aic78xx - ok
11:59:46.0218 3664 AliIde - ok
11:59:46.0234 3664 amsint - ok
11:59:46.0281 3664 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
11:59:46.0312 3664 ANC ( UnsignedFile.Multi.Generic ) - warning
11:59:46.0312 3664 ANC - detected UnsignedFile.Multi.Generic (1)
11:59:46.0328 3664 asc - ok
11:59:46.0343 3664 asc3350p - ok
11:59:46.0359 3664 asc3550 - ok
11:59:46.0390 3664 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:59:46.0531 3664 AsyncMac - ok
11:59:46.0562 3664 atapi (2218e3fd674dc284ce98c807086cab14) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:59:47.0046 3664 atapi - ok
11:59:47.0062 3664 Atdisk - ok
11:59:47.0296 3664 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:59:47.0531 3664 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
11:59:47.0531 3664 ati2mtag - detected UnsignedFile.Multi.Generic (1)
11:59:47.0656 3664 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:59:47.0875 3664 Atmarpc - ok
11:59:47.0937 3664 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
11:59:48.0000 3664 atmeltpm - ok
11:59:48.0046 3664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:59:48.0203 3664 audstub - ok
11:59:48.0234 3664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:59:48.0375 3664 Beep - ok
11:59:48.0531 3664 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120302.001\BHDrvx86.sys
11:59:48.0625 3664 BHDrvx86 - ok
11:59:48.0796 3664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:59:49.0046 3664 cbidf2k - ok
11:59:49.0140 3664 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1306010.008\ccSetx86.sys
11:59:49.0203 3664 ccSet_NIS - ok
11:59:49.0218 3664 cd20xrnt - ok
11:59:49.0250 3664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:59:49.0468 3664 Cdaudio - ok
11:59:49.0546 3664 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
11:59:49.0687 3664 Cdfs - ok
11:59:49.0718 3664 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:59:49.0843 3664 Cdrom - ok
11:59:49.0859 3664 Changer - ok
11:59:49.0906 3664 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:59:50.0031 3664 CmBatt - ok
11:59:50.0046 3664 CmdIde - ok
11:59:50.0062 3664 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:59:50.0078 3664 Compbatt ( UnsignedFile.Multi.Generic ) - warning
11:59:50.0078 3664 Compbatt - detected UnsignedFile.Multi.Generic (1)
11:59:50.0140 3664 Cpqarray - ok
11:59:50.0156 3664 dac2w2k - ok
11:59:50.0171 3664 dac960nt - ok
11:59:50.0203 3664 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
11:59:50.0312 3664 Disk - ok
11:59:50.0375 3664 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:59:50.0406 3664 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
11:59:50.0406 3664 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
11:59:50.0437 3664 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:59:50.0437 3664 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
11:59:50.0437 3664 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
11:59:50.0468 3664 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
11:59:50.0484 3664 DLADResN ( UnsignedFile.Multi.Generic ) - warning
11:59:50.0484 3664 DLADResN - detected UnsignedFile.Multi.Generic (1)
11:59:50.0515 3664 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:59:50.0546 3664 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
11:59:50.0546 3664 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
11:59:50.0578 3664 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:59:50.0625 3664 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
11:59:50.0625 3664 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
11:59:50.0687 3664 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:59:50.0718 3664 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
11:59:50.0718 3664 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
11:59:50.0875 3664 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
11:59:50.0906 3664 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
11:59:50.0906 3664 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
11:59:50.0953 3664 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:59:50.0968 3664 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
11:59:50.0968 3664 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
11:59:50.0984 3664 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:59:51.0015 3664 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
11:59:51.0015 3664 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
11:59:51.0109 3664 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
11:59:51.0375 3664 dmboot - ok
11:59:51.0468 3664 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
11:59:51.0593 3664 dmio - ok
11:59:51.0640 3664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:59:51.0781 3664 dmload - ok
11:59:51.0812 3664 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
11:59:51.0953 3664 DMusic - ok
11:59:51.0984 3664 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
11:59:52.0000 3664 DozeHDD - ok
11:59:52.0015 3664 dpti2o - ok
11:59:52.0062 3664 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
11:59:52.0187 3664 drmkaud - ok
11:59:52.0203 3664 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:59:52.0234 3664 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
11:59:52.0234 3664 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
11:59:52.0234 3664 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:59:52.0265 3664 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
11:59:52.0265 3664 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
11:59:52.0328 3664 e1express (c537b7a32dc4d9b0112ed68bdc8395e2) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
11:59:52.0359 3664 e1express - ok
11:59:52.0453 3664 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:59:52.0484 3664 eeCtrl - ok
11:59:52.0656 3664 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
11:59:52.0812 3664 Fastfat - ok
11:59:52.0843 3664 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
11:59:53.0015 3664 Fdc - ok
11:59:53.0046 3664 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
11:59:53.0062 3664 Fips ( UnsignedFile.Multi.Generic ) - warning
11:59:53.0062 3664 Fips - detected UnsignedFile.Multi.Generic (1)
11:59:53.0078 3664 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:59:53.0218 3664 Flpydisk - ok
11:59:53.0250 3664 FltMgr (54fd90f0038f07920cb9fb6591bde82f) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:59:53.0625 3664 FltMgr - ok
11:59:53.0656 3664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:59:53.0781 3664 Fs_Rec - ok
11:59:53.0796 3664 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:59:53.0953 3664 Ftdisk - ok
11:59:53.0984 3664 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:59:54.0125 3664 Gpc - ok
11:59:54.0140 3664 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:59:54.0234 3664 HDAudBus - ok
11:59:54.0343 3664 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:59:54.0484 3664 HidUsb - ok
11:59:54.0500 3664 hpn - ok
11:59:54.0546 3664 HSFHWAZL (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:59:54.0562 3664 HSFHWAZL - ok
11:59:54.0625 3664 HSF_DPV (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:59:54.0671 3664 HSF_DPV - ok
11:59:54.0781 3664 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
11:59:54.0828 3664 HTTP - ok
11:59:54.0906 3664 i2omgmt - ok
11:59:54.0921 3664 i2omp - ok
11:59:54.0968 3664 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:59:55.0156 3664 i8042prt - ok
11:59:55.0218 3664 IBMPMDRV (e3ffc8cb45b3f55264ee10f084b2731b) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
11:59:55.0234 3664 IBMPMDRV - ok
11:59:55.0296 3664 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
11:59:55.0312 3664 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
11:59:55.0312 3664 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
11:59:55.0453 3664 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120316.005\IDSxpx86.sys
11:59:55.0484 3664 IDSxpx86 - ok
11:59:55.0656 3664 Imapi (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:59:56.0109 3664 Imapi - ok
11:59:56.0140 3664 ini910u - ok
11:59:56.0156 3664 IntelIde - ok
11:59:56.0203 3664 intelppm (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:59:56.0609 3664 intelppm - ok
11:59:56.0640 3664 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:59:56.0750 3664 Ip6Fw - ok
11:59:56.0781 3664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:59:56.0921 3664 IpFilterDriver - ok
11:59:57.0000 3664 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:59:57.0125 3664 IpInIp - ok
11:59:57.0156 3664 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:59:57.0265 3664 IpNat - ok
11:59:57.0281 3664 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:59:57.0406 3664 IPSec - ok
11:59:57.0437 3664 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
11:59:57.0546 3664 irda - ok
11:59:57.0640 3664 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:59:57.0750 3664 IRENUM - ok
11:59:57.0859 3664 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:59:57.0890 3664 isapnp ( UnsignedFile.Multi.Generic ) - warning
11:59:57.0890 3664 isapnp - detected UnsignedFile.Multi.Generic (1)
11:59:57.0906 3664 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:59:58.0031 3664 Kbdclass - ok
11:59:58.0062 3664 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
11:59:58.0218 3664 kmixer - ok
11:59:58.0312 3664 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
11:59:58.0406 3664 KSecDD - ok
11:59:58.0421 3664 lbrtfdc - ok
11:59:58.0484 3664 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys
11:59:58.0484 3664 lenovo.smi - ok
11:59:58.0546 3664 MCfilt (abc8bbea8f643e200508c3a2a8e475a9) C:\WINDOWS\system32\drivers\MCfilt32.sys
11:59:58.0578 3664 MCfilt ( UnsignedFile.Multi.Generic ) - warning
11:59:58.0578 3664 MCfilt - detected UnsignedFile.Multi.Generic (1)
11:59:58.0656 3664 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:59:58.0671 3664 mdmxsdk - ok
11:59:58.0765 3664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:59:59.0000 3664 mnmdd - ok
11:59:59.0078 3664 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
11:59:59.0203 3664 Modem - ok
11:59:59.0265 3664 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:59:59.0390 3664 Mouclass - ok
11:59:59.0437 3664 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:59:59.0578 3664 mouhid - ok
11:59:59.0640 3664 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
11:59:59.0765 3664 MountMgr - ok
11:59:59.0859 3664 MpKsled900b14 - ok
11:59:59.0875 3664 mraid35x - ok
11:59:59.0890 3664 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:00:00.0015 3664 MRxDAV - ok
12:00:00.0156 3664 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:00:00.0265 3664 MRxSmb - ok
12:00:00.0296 3664 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
12:00:00.0500 3664 Msfs - ok
12:00:00.0531 3664 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:00:00.0656 3664 MSKSSRV - ok
12:00:00.0687 3664 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:00:00.0781 3664 MSPCLOCK - ok
12:00:00.0812 3664 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
12:00:00.0921 3664 MSPQM - ok
12:00:01.0046 3664 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:00:01.0187 3664 mssmbios - ok
12:00:01.0296 3664 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
12:00:01.0437 3664 Mup - ok
12:00:01.0640 3664 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120316.035\NAVENG.SYS
12:00:01.0671 3664 NAVENG - ok
12:00:01.0765 3664 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120316.035\NAVEX15.SYS
12:00:01.0875 3664 NAVEX15 - ok
12:00:02.0000 3664 NDIS (bc84c4f67d0e880b0c46dc0ce2b8cbaa) C:\WINDOWS\system32\drivers\NDIS.sys
12:00:02.0468 3664 NDIS - ok
12:00:02.0531 3664 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:00:02.0546 3664 NdisTapi ( UnsignedFile.Multi.Generic ) - warning
12:00:02.0546 3664 NdisTapi - detected UnsignedFile.Multi.Generic (1)
12:00:02.0640 3664 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:00:03.0062 3664 Ndisuio - ok
12:00:03.0125 3664 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:00:03.0250 3664 NdisWan - ok
12:00:03.0281 3664 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
12:00:03.0296 3664 NDProxy ( UnsignedFile.Multi.Generic ) - warning
12:00:03.0296 3664 NDProxy - detected UnsignedFile.Multi.Generic (1)
12:00:03.0328 3664 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:00:03.0453 3664 NetBIOS - ok
12:00:03.0484 3664 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:00:03.0625 3664 NetBT - ok
12:00:03.0984 3664 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
12:00:04.0578 3664 NETwLx32 - ok
12:00:04.0718 3664 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
12:00:04.0921 3664 Npfs - ok
12:00:04.0984 3664 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
12:00:05.0187 3664 NSCIRDA - ok
12:00:05.0234 3664 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
12:00:05.0406 3664 Ntfs - ok
12:00:05.0468 3664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:00:05.0609 3664 Null - ok
12:00:05.0640 3664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:00:05.0781 3664 NwlnkFlt - ok
12:00:05.0859 3664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:00:06.0000 3664 NwlnkFwd - ok
12:00:06.0046 3664 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
12:00:06.0171 3664 Parport - ok
12:00:06.0187 3664 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
12:00:06.0187 3664 PartMgr ( UnsignedFile.Multi.Generic ) - warning
12:00:06.0187 3664 PartMgr - detected UnsignedFile.Multi.Generic (1)
12:00:06.0218 3664 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:00:06.0359 3664 ParVdm - ok
12:00:06.0375 3664 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
12:00:06.0500 3664 PCI - ok
12:00:06.0500 3664 PCIDump - ok
12:00:06.0531 3664 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:00:06.0656 3664 PCIIde - ok
12:00:06.0671 3664 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:00:06.0796 3664 Pcmcia - ok
12:00:06.0828 3664 PDCOMP - ok
12:00:06.0828 3664 PDFRAME - ok
12:00:06.0843 3664 PDRELI - ok
12:00:06.0859 3664 PDRFRAME - ok
12:00:06.0875 3664 perc2 - ok
12:00:06.0890 3664 perc2hib - ok
12:00:06.0953 3664 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
12:00:06.0984 3664 pmem ( UnsignedFile.Multi.Generic ) - warning
12:00:06.0984 3664 pmem - detected UnsignedFile.Multi.Generic (1)
12:00:07.0015 3664 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:00:07.0140 3664 PptpMiniport - ok
12:00:07.0203 3664 PRISM_A02 (57e95881e5f014816a8a53ad94ee0c48) C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys
12:00:07.0296 3664 PRISM_A02 - ok
12:00:07.0390 3664 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
12:00:07.0421 3664 PROCDD - ok
12:00:07.0453 3664 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
12:00:07.0484 3664 psadd - ok
12:00:07.0515 3664 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
12:00:07.0718 3664 PSched - ok
12:00:07.0812 3664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:00:08.0031 3664 Ptilink - ok
12:00:08.0140 3664 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:00:08.0140 3664 PxHelp20 - ok
12:00:08.0156 3664 ql1080 - ok
12:00:08.0171 3664 Ql10wnt - ok
12:00:08.0187 3664 ql12160 - ok
12:00:08.0203 3664 ql1240 - ok
12:00:08.0218 3664 ql1280 - ok
12:00:08.0234 3664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:00:08.0375 3664 RasAcd - ok
12:00:08.0406 3664 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
12:00:08.0500 3664 Rasirda - ok
12:00:08.0515 3664 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:00:08.0625 3664 Rasl2tp - ok
12:00:08.0718 3664 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:00:08.0843 3664 RasPppoe - ok
12:00:08.0859 3664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:00:09.0015 3664 Raspti - ok
12:00:09.0093 3664 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:00:09.0218 3664 Rdbss - ok
12:00:09.0234 3664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:00:09.0375 3664 RDPCDD - ok
12:00:09.0421 3664 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:00:09.0562 3664 rdpdr - ok
12:00:09.0625 3664 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
12:00:09.0750 3664 RDPWD - ok
12:00:09.0765 3664 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:00:09.0906 3664 redbook - ok
12:00:09.0953 3664 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:00:09.0968 3664 s24trans ( UnsignedFile.Multi.Generic ) - warning
12:00:09.0968 3664 s24trans - detected UnsignedFile.Multi.Generic (1)
12:00:10.0078 3664 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:00:10.0187 3664 Secdrv - ok
12:00:10.0218 3664 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
12:00:10.0328 3664 Serial - ok
12:00:10.0375 3664 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:00:10.0484 3664 Sfloppy - ok
12:00:10.0531 3664 Shockprf (1624530d05155f4e5a4736531523bff5) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
12:00:10.0546 3664 Shockprf - ok
12:00:10.0546 3664 Simbad - ok
12:00:10.0609 3664 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
12:00:10.0625 3664 Smapint ( UnsignedFile.Multi.Generic ) - warning
12:00:10.0625 3664 Smapint - detected UnsignedFile.Multi.Generic (1)
12:00:10.0640 3664 Sparrow - ok
12:00:10.0671 3664 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
12:00:10.0796 3664 splitter - ok
12:00:10.0812 3664 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
12:00:10.0921 3664 sr - ok
12:00:11.0015 3664 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\WINDOWS\System32\Drivers\NIS\1306010.008\SRTSP.SYS
12:00:11.0078 3664 SRTSP - ok
12:00:11.0187 3664 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\WINDOWS\system32\drivers\NIS\1306010.008\SRTSPX.SYS
12:00:11.0187 3664 SRTSPX - ok
12:00:11.0250 3664 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
12:00:11.0359 3664 Srv - ok
12:00:11.0421 3664 SWDUMon (ab7f6435b3dc381919c3e2cb4d94c7fb) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
12:00:11.0437 3664 SWDUMon - ok
12:00:11.0468 3664 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:00:11.0671 3664 swenum - ok
12:00:11.0687 3664 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
12:00:11.0718 3664 swmidi ( UnsignedFile.Multi.Generic ) - warning
12:00:11.0718 3664 swmidi - detected UnsignedFile.Multi.Generic (1)
12:00:11.0734 3664 symc810 - ok
12:00:11.0750 3664 symc8xx - ok
12:00:11.0812 3664 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1306010.008\SYMDS.SYS
12:00:11.0859 3664 SymDS - ok
12:00:12.0015 3664 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1306010.008\SYMEFA.SYS
12:00:12.0093 3664 SymEFA - ok
12:00:12.0125 3664 SymEvent (555fb450fe6908600310e990738b41d6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:00:12.0140 3664 SymEvent - ok
12:00:12.0187 3664 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1306010.008\Ironx86.SYS
12:00:12.0203 3664 SymIRON - ok
12:00:12.0281 3664 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1306010.008\SYMTDI.SYS
12:00:12.0328 3664 SYMTDI - ok
12:00:12.0328 3664 sym_hi - ok
12:00:12.0359 3664 sym_u3 - ok
12:00:12.0468 3664 SynTP (7e194e86bf306e07470a0ac56b41de83) C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:00:12.0562 3664 SynTP - ok
12:00:12.0687 3664 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
12:00:12.0906 3664 sysaudio - ok
12:00:13.0046 3664 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:00:13.0171 3664 Tcpip - ok
12:00:13.0218 3664 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:00:13.0328 3664 TDPIPE - ok
12:00:13.0375 3664 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
12:00:13.0390 3664 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
12:00:13.0390 3664 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
12:00:13.0437 3664 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
12:00:13.0609 3664 TDTCP - ok
12:00:13.0687 3664 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:00:13.0890 3664 TermDD - ok
12:00:13.0906 3664 TosIde - ok
12:00:14.0000 3664 TPDIGIMN (d2378fbbd668d9fe9b6b5e3139d506d3) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
12:00:14.0000 3664 TPDIGIMN - ok
12:00:14.0046 3664 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
12:00:14.0109 3664 TPHKDRV - ok
12:00:14.0156 3664 TPPWRIF (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys
12:00:14.0156 3664 TPPWRIF - ok
12:00:14.0187 3664 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
12:00:14.0203 3664 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
12:00:14.0203 3664 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
12:00:14.0234 3664 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
12:00:14.0265 3664 tvtfilter - ok
12:00:14.0312 3664 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
12:00:14.0328 3664 TVTI2C - ok
12:00:14.0359 3664 tvtumon (a6e0aafbe64592871f9a9f38a61c1fa5) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
12:00:14.0375 3664 tvtumon - ok
12:00:14.0421 3664 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
12:00:14.0625 3664 Udfs - ok
12:00:14.0671 3664 ultra - ok
12:00:14.0734 3664 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
12:00:14.0859 3664 Update - ok
12:00:14.0890 3664 usbehci (4ffaea1bd071a72dfb76519f5b1da956) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:00:14.0953 3664 usbehci - ok
12:00:15.0000 3664 usbhub (d31e07bf822c7f2bd32714e9ddca8be2) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:00:15.0375 3664 usbhub - ok
12:00:15.0421 3664 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:00:15.0546 3664 USBSTOR - ok
12:00:15.0593 3664 usbuhci (1590742573fcafdd9c837478eb1846a4) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:00:15.0609 3664 usbuhci - ok
12:00:15.0656 3664 Vbemp (b2236c2563d414a12ac376bd58a23d39) C:\WINDOWS\system32\DRIVERS\Vbemp.sys
12:00:15.0671 3664 Vbemp ( UnsignedFile.Multi.Generic ) - warning
12:00:15.0671 3664 Vbemp - detected UnsignedFile.Multi.Generic (1)
12:00:15.0687 3664 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
12:00:15.0796 3664 VgaSave - ok
12:00:15.0812 3664 ViaIde - ok
12:00:15.0859 3664 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
12:00:15.0984 3664 VolSnap - ok
12:00:16.0078 3664 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:00:16.0234 3664 Wanarp - ok
12:00:16.0296 3664 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:00:16.0328 3664 Wdf01000 - ok
12:00:16.0328 3664 WDICA - ok
12:00:16.0390 3664 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
12:00:16.0515 3664 wdmaud - ok
12:00:16.0625 3664 winachsf (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:00:16.0812 3664 winachsf - ok
12:00:17.0062 3664 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:00:17.0281 3664 WS2IFSL - ok
12:00:17.0328 3664 WSIMD (21ac4f228f3d36876a42277c76a766c0) C:\WINDOWS\system32\DRIVERS\wsimd.sys
12:00:17.0343 3664 WSIMD ( UnsignedFile.Multi.Generic ) - warning
12:00:17.0343 3664 WSIMD - detected UnsignedFile.Multi.Generic (1)
12:00:17.0375 3664 MBR (0x1B8) (d6551d046f2048d9572bdf4c367dcf90) \Device\Harddisk0\DR0
12:00:17.0484 3664 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:00:17.0484 3664 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:00:17.0484 3664 Boot (0x1200) (a3c6af6b2d7110fa6393850e6a6d15d3) \Device\Harddisk0\DR0\Partition0
12:00:17.0484 3664 \Device\Harddisk0\DR0\Partition0 - ok
12:00:17.0484 3664 ============================================================
12:00:17.0484 3664 Scan finished
12:00:17.0484 3664 ============================================================
12:00:17.0593 0228 Detected object count: 31
12:00:17.0593 0228 Actual detected object count: 31
12:00:47.0718 0228 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0718 0228 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0718 0228 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0718 0228 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0718 0228 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0718 0228 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0734 0228 Compbatt ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0734 0228 Compbatt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0734 0228 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0734 0228 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0734 0228 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0734 0228 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0734 0228 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0734 0228 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0734 0228 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0734 0228 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0750 0228 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0750 0228 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0750 0228 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0750 0228 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0750 0228 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0750 0228 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0750 0228 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0750 0228 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0750 0228 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0750 0228 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0765 0228 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0765 0228 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0765 0228 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0765 0228 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0765 0228 Fips ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0765 0228 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0765 0228 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0765 0228 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0765 0228 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0765 0228 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0781 0228 MCfilt ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0781 0228 MCfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0781 0228 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0781 0228 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0781 0228 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0781 0228 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0781 0228 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0781 0228 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0781 0228 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0781 0228 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0796 0228 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0796 0228 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0796 0228 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0796 0228 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0796 0228 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0796 0228 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0796 0228 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0796 0228 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0812 0228 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0812 0228 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0812 0228 Vbemp ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0812 0228 Vbemp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0812 0228 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:47.0812 0228 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:47.0984 0228 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
12:00:48.0000 0228 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
12:00:48.0000 0228 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
12:00:48.0015 0228 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
12:00:48.0015 0228 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
12:00:48.0015 0228 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
12:00:48.0031 0228 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
12:00:48.0046 0228 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
12:00:48.0062 0228 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
12:00:48.0140 0228 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:00:48.0171 0228 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:00:48.0187 0228 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:00:48.0218 0228 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:00:48.0250 0228 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
12:00:48.0265 0228 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
12:00:48.0265 0228 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
12:00:48.0281 0228 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
12:00:48.0375 0228 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
12:00:48.0484 0228 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
12:00:48.0484 0228 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
12:00:48.0546 0228 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
12:00:48.0578 0228 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
12:00:48.0578 0228 \Device\Harddisk0\DR0\TDLFS - deleted
12:00:48.0578 0228 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
12:00:53.0312 4976 Deinitialize success

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 164):

Processes (total 81):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS541060G9SA00, Rev: MB3IC60H

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: C40B93425941EE96783A9792A2A6C67E6547D85F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#12 RPMcMurphy

Posted 18 March 2012 - 11:59 AM

I'd like you to try running ComboFix again, but this time do it from the Safe Mode. Here are the download links again:

Link 1
Link 2

Please include the following in your next post:
  • ComboFix log


#13 sarichardson

Posted 19 March 2012 - 05:57 PM

I ran the ComboFix program again but it did not seem to be doing anything. I let it run overnight, for over ten hours. It kept saying that it was scanning for infected files. Maybe I should have let it keep going but the activity light on my computer did not blink once during the entire time.

Is there something else you would like me to try or should I run the ComboFix again? Thanks.

#14 RPMcMurphy

Posted 19 March 2012 - 10:39 PM

Run these for me, please:

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox.
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.

Please go here to run an online scan with ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Please include the following in your next post:
  • MBAM log
  • ESET log


#15 sarichardson

Posted 21 March 2012 - 05:31 PM

I ran both scans. ESET did not pick up anything. Here is the log for Malwarebytes.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.20.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
ScottRichardson :: SCOTT [administrator]

Protection: Disabled

3/20/2012 5:51:57 PM
mbam-log-2012-03-20 (17-51-57).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 329807
Time elapsed: 2 hour(s), 6 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\System Volume Information\_restore{528A4C86-7B39-4505-9336-8B54319C283A}\RP234\A0066163.exe (Affiliate.Downloader) -> No action taken.
C:\TDSSKiller_Quarantine\18.03.2012_11.59.31\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\18.03.2012_11.59.31\tdlfs0000\tsk0017.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\18.03.2012_11.59.31\tdlfs0000\tsk0018.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)



