Author Topic: [Resolved K] got something going on, what do you think?  (Read 4384 times)


Offline ngt

  • Bronze Member
  • Posts: 101
« Reply #30 on: March 15, 2012, 08:24:12 AM »
Ok, so here's what happened. I hit "fix" and it said it was fixed successfully and when I restarted the computer, I couldn't find the log. So, I reran the program and the fixMBR button was lit this time. I clicked that and it said that it fixed Windows 501 something. I saved the log and restarted the computer again and ran ComboFix but I can't disable Nortons in safe mode for some reason, so I ran it anyways. That's where I'm at. Hopefully I didn't screw anything up more.

I still don't see an MBR.dat file anywhere on my desktop, just that video file. I zipped it again and attached it anyways.

aswMBR (after fix and fixMBR)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-15 05:34:10
-----------------------------
05:34:10.531    OS Version: Windows 5.1.2600 Service Pack 2
05:34:10.531    Number of processors: 2 586 0x4802
05:34:10.531    ComputerName: ERIC2  UserName: Owner
05:34:16.265    Initialize success
05:45:03.187    AVAST engine defs: 12031401
05:49:16.453    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
05:49:16.500    Disk 0 Vendor: ST9160821A 3.ALC Size: 152627MB BusType: 3
05:49:16.609    Disk 0 MBR read successfully
05:49:16.671    Disk 0 MBR scan
05:49:16.875    Disk 0 unknown MBR code
05:49:16.953    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       145612 MB offset 14346045
05:49:17.031    Disk 0 Partition 2 00     0B        FAT32 RECOVERY     7004 MB offset 63
05:49:17.125    Disk 0 scanning sectors +312560640
05:49:17.406    Disk 0 scanning C:\WINDOWS\system32\drivers
05:49:57.515    Service scanning
05:51:39.750    Modules scanning
05:52:09.031    Disk 0 trace - called modules:
05:52:09.171    ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
05:52:09.234    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89fc0030]
05:52:09.390    3 CLASSPNP.SYS[f76d805b] -> nt!IofCallDriver -> \Device\000000ab[0x89fc5968]
05:52:09.562    5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89f89d98]
05:52:15.015    AVAST engine scan C:\WINDOWS
05:52:46.093    AVAST engine scan C:\WINDOWS\system32
06:14:03.218    AVAST engine scan C:\WINDOWS\system32\drivers
06:15:00.703    AVAST engine scan C:\Documents and Settings\TEMP
06:22:02.453    AVAST engine scan C:\Documents and Settings\All Users
06:28:39.843    Scan finished successfully
06:29:43.203    Verifying
06:29:53.281    Disk 0 Windows 501 MBR fixed successfully
06:38:28.812    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TEMP\Desktop\MBR.dat"
06:38:28.890    The log file has been saved successfully to "C:\Documents and Settings\TEMP\Desktop\aswMBR.txt"


Combo Fix Log:   

ComboFix 12-03-15.02 - Owner 03/15/2012   6:53.5.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1918.1615 [GMT -7:00]
Running from: c:\documents and settings\TEMP\Desktop\ComboFix.exe
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW:  *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-15 to 2012-03-15  )))))))))))))))))))))))))))))))
.
.
2012-03-15 05:01 . 2012-03-15 05:01   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2012-03-15 05:01 . 2012-03-15 05:01   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
2012-03-13 23:49 . 2011-12-10 22:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-12 01:43 . 2012-03-12 01:43   --------   d-----w-   c:\program files\ESET
2012-03-07 01:54 . 2012-03-07 01:54   388096   ----a-r-   c:\documents and settings\TEMP\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-04 23:21 . 2012-03-04 23:21   --------   d-----w-   c:\documents and settings\TEMP\Application Data\Malwarebytes
2012-03-04 19:29 . 2012-03-04 20:58   --------   d-----w-   C:\neogeo
2012-03-04 18:35 . 2012-03-04 18:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Premium
2012-03-04 18:34 . 2012-03-04 18:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallMate
2012-03-03 14:53 . 2012-03-03 14:53   --------   d-----w-   c:\program files\BitPim
2012-03-01 01:40 . 2012-03-04 17:08   --------   d-----w-   c:\program files\Common Files\FreeCause
2012-03-01 01:40 . 2012-03-01 01:40   --------   d-----w-   c:\documents and settings\TEMP\Local Settings\Application Data\blekkotb
2012-03-01 01:40 . 2012-03-13 23:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-02-22 02:08 . 2012-02-22 02:08   --------   d-----w-   c:\program files\MSXML 6.0
2012-02-21 06:20 . 2012-02-21 06:20   --------   d-----w-   c:\documents and settings\TEMP\Application Data\EPSON
2012-02-21 06:19 . 2004-08-04 08:56   159232   ----a-w-   c:\windows\system32\ptpusd.dll
2012-02-21 06:19 . 2001-08-18 06:36   5632   ----a-w-   c:\windows\system32\ptpusb.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-01 13:07 . 2011-04-15 00:26   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
Code:
<pre>
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Synaptics\SynTP\syntplpr .exe
</pre>
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-10_22.09.39   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-17 09:23 . 2012-03-11 20:41   63930              c:\windows\system32\perfc009.dat
- 2006-06-17 09:23 . 2011-11-06 14:38   63930              c:\windows\system32\perfc009.dat
+ 2006-06-17 09:35 . 2005-08-06 03:56   64512              c:\windows\ehome\ehtray.exe
+ 2006-06-17 09:23 . 2012-03-11 20:41   406896              c:\windows\system32\perfh009.dat
- 2006-06-17 09:23 . 2011-11-06 14:38   406896              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-27 1458176]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-08-17 405504]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-26 185896]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-11-22 2168360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [2006-11-22 749568]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-11-12 05:40   1236992   ----a-w-   c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 22:09   102400   ------w-   c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 17:36   256576   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-17 01:21   28672   ----a-w-   c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50   155648   ----a-w-   c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-26 02:58   282624   ----a-w-   c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 07:42   212992   ----a-w-   c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 02:24   966656   ----a-w-   c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-27 00:46   1458176   ----a-w-   c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 32 (0x20)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1207000.00D\symds.sys [1/31/2012 7:46 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1207000.00D\symefa.sys [1/31/2012 7:46 AM 744568]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [11/22/2006 7:11 PM 180480]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [3/2/2012 11:58 AM 820856]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1207000.00D\ironx86.sys [1/31/2012 7:46 AM 136312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 12:14 AM 135664]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.7.0.13\ccsvchst.exe [1/31/2012 7:46 AM 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/4/2012 3:05 PM 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 12:14 AM 135664]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120313.001\IDSXpx86.sys [3/13/2012 5:15 PM 356280]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [11/22/2006 7:11 PM 13532]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-11 01:13]
.
2012-03-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-15 19:48]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 07:13]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 07:13]
.
2007-01-15 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 19:00]
.
2012-03-14 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2012-02-08 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-06-05 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-11-11 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:bassdlr@sonic.net
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\TEMP\Application Data\Mozilla\Firefox\Profiles\ti4hxa6l.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 07:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm
c:\windows\system32\ac3filter.acm
c:\windows\system32\DivXa32.acm
c:\windows\system32\LameACM.acm
c:\windows\system32\IEFRAME.dll
.
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-03-15  07:16:14
ComboFix-quarantined-files.txt  2012-03-15 14:16
ComboFix2.txt  2012-03-15 11:01
ComboFix3.txt  2012-03-13 23:42
ComboFix4.txt  2012-03-13 13:15
ComboFix5.txt  2012-03-15 13:50
.
Pre-Run: 26,307,518,464 bytes free
Post-Run: 26,409,836,544 bytes free
.
- - End Of File - - E8E6F97D4BF3754014677D84135096E1

EDIT: JUST WANTED TO SAY THANK YOU FOR EVERYTHING!!!!!

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
« Reply #31 on: March 15, 2012, 12:21:31 PM »
See if your system will boot into Normal mode for this scan...

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
Killall::
RenV::
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Synaptics\SynTP\syntplpr .exe

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Run this online Quickscan by BitDefender, available here: http://quickscan.bitdefender.com/# Hit the Scan Now tab. When finished there is an option to "view report", do that: hover your cursor over "view report" and it will open, then copy and paste it to your next reply....

Let me see those two logs, also give an update on current issues/concerns....

Kevin

Offline ngt

  • Bronze Member
  • Posts: 101
« Reply #32 on: March 15, 2012, 07:18:51 PM »
Couldn't do it in normal mode, safe mode only and with Nortons on. Biggest issue now is the computer not starting. I took a video, and some screenshots, but my computer won't recognize my SD card in safe mode :( It still gets to the "Microsoft Windows XP" screen with the 3 blue blocks going across the bar over and over and over. It used to freeze (the 3 blocks) and then start up. Now they just scroll and scroll forever.



ComboFix 12-03-15.02 - Owner 03/15/2012  17:15:40.6.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1918.1590 [GMT -7:00]
Running from: c:\documents and settings\TEMP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TEMP\Desktop\CFScript.txt
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW:  *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-16 to 2012-03-16  )))))))))))))))))))))))))))))))
.
.
2012-03-15 05:01 . 2012-03-15 05:01   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2012-03-15 05:01 . 2012-03-15 05:01   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
2012-03-13 23:49 . 2011-12-10 22:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-12 01:43 . 2012-03-12 01:43   --------   d-----w-   c:\program files\ESET
2012-03-07 01:54 . 2012-03-07 01:54   388096   ----a-r-   c:\documents and settings\TEMP\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-04 23:21 . 2012-03-04 23:21   --------   d-----w-   c:\documents and settings\TEMP\Application Data\Malwarebytes
2012-03-04 19:29 . 2012-03-04 20:58   --------   d-----w-   C:\neogeo
2012-03-04 18:35 . 2012-03-04 18:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Premium
2012-03-04 18:34 . 2012-03-04 18:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallMate
2012-03-03 14:53 . 2012-03-03 14:53   --------   d-----w-   c:\program files\BitPim
2012-03-01 01:40 . 2012-03-04 17:08   --------   d-----w-   c:\program files\Common Files\FreeCause
2012-03-01 01:40 . 2012-03-01 01:40   --------   d-----w-   c:\documents and settings\TEMP\Local Settings\Application Data\blekkotb
2012-03-01 01:40 . 2012-03-13 23:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-02-22 02:08 . 2012-02-22 02:08   --------   d-----w-   c:\program files\MSXML 6.0
2012-02-21 06:20 . 2012-02-21 06:20   --------   d-----w-   c:\documents and settings\TEMP\Application Data\EPSON
2012-02-21 06:19 . 2004-08-04 08:56   159232   ----a-w-   c:\windows\system32\ptpusd.dll
2012-02-21 06:19 . 2001-08-18 06:36   5632   ----a-w-   c:\windows\system32\ptpusb.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-01 13:07 . 2011-04-15 00:26   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-10_22.09.39   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-17 09:23 . 2012-03-11 20:41   63930              c:\windows\system32\perfc009.dat
- 2006-06-17 09:23 . 2011-11-06 14:38   63930              c:\windows\system32\perfc009.dat
+ 2006-06-17 09:35 . 2005-08-06 03:56   64512              c:\windows\ehome\ehtray.exe
+ 2006-06-17 09:23 . 2012-03-11 20:41   406896              c:\windows\system32\perfh009.dat
- 2006-06-17 09:23 . 2011-11-06 14:38   406896              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-27 1458176]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-08-17 405504]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-26 185896]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-11-22 2168360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [2006-11-22 749568]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-11-12 05:40   1236992   ----a-w-   c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 22:09   102400   ------w-   c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 17:36   256576   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-17 01:21   28672   ----a-w-   c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50   155648   ----a-w-   c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-26 02:58   282624   ----a-w-   c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 07:42   212992   ----a-w-   c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 02:24   966656   ----a-w-   c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-27 00:46   1458176   ----a-w-   c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 32 (0x20)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1207000.00D\symds.sys [1/31/2012 7:46 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1207000.00D\symefa.sys [1/31/2012 7:46 AM 744568]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [11/22/2006 7:11 PM 180480]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [3/2/2012 11:58 AM 820856]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1207000.00D\ironx86.sys [1/31/2012 7:46 AM 136312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 12:14 AM 135664]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.7.0.13\ccsvchst.exe [1/31/2012 7:46 AM 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/4/2012 3:05 PM 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 12:14 AM 135664]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120313.001\IDSXpx86.sys [3/13/2012 5:15 PM 356280]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [11/22/2006 7:11 PM 13532]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-11 01:13]
.
2012-03-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-15 19:48]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 07:13]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 07:13]
.
2007-01-15 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 19:00]
.
2012-03-14 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2012-02-08 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-06-05 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-11-11 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:bassdlr@sonic.net
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\TEMP\Application Data\Mozilla\Firefox\Profiles\ti4hxa6l.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 17:38
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm
c:\windows\system32\ac3filter.acm
c:\windows\system32\DivXa32.acm
c:\windows\system32\LameACM.acm
c:\windows\system32\IEFRAME.dll
.
- - - - - - - > 'explorer.exe'(2020)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mmfinfo.dll
c:\windows\system32\mkunicode.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2012-03-15  17:47:22 - machine was rebooted
ComboFix-quarantined-files.txt  2012-03-16 00:47
ComboFix2.txt  2012-03-15 14:16
ComboFix3.txt  2012-03-15 11:01
ComboFix4.txt  2012-03-13 23:42
ComboFix5.txt  2012-03-16 00:12
.
Pre-Run: 26,422,157,312 bytes free
Post-Run: 26,410,602,496 bytes free
.
- - End Of File - - 72353D15123D7CF95517A024F8F485DA


and




QuickScan 32-bit v0.9.9.111
---------------------------
Scan date:  Thu Mar 15 18:05:52 2012
Machine ID: 6824B1E0



No infection found.
-------------------



Processes
---------
            Microsoft® Windows® Operating System     2020    C:\WINDOWS\explorer.exe
            Microsoft® Windows® Operating System      740    C:\WINDOWS\system32\csrss.exe
            Microsoft® Windows® Operating System     1324    C:\WINDOWS\system32\ctfmon.exe
            Microsoft® Windows® Operating System      820    C:\WINDOWS\system32\lsass.exe
            Microsoft® Windows® Operating System      540    C:\WINDOWS\system32\notepad.exe
            Microsoft® Windows® Operating System      808    C:\WINDOWS\system32\services.exe
            Microsoft® Windows® Operating System      516    C:\WINDOWS\system32\smss.exe
            Microsoft® Windows® Operating System      980    C:\WINDOWS\system32\svchost.exe
            Microsoft® Windows® Operating System     1052    C:\WINDOWS\system32\svchost.exe
            Microsoft® Windows® Operating System     1196    C:\WINDOWS\system32\svchost.exe
            Microsoft® Windows® Operating System     1236    C:\WINDOWS\system32\svchost.exe
            Microsoft® Windows® Operating System     1268    C:\WINDOWS\system32\svchost.exe
            Microsoft® Windows® Operating System      764    C:\WINDOWS\system32\winlogon.exe
            Opera Internet Browser                   1724    C:\Program Files\Opera\opera.exe
(verified)  Windows® Internet Explorer                560    C:\Program Files\Internet Explorer\iexplore.exe
(verified)  Windows® Internet Explorer               1132    C:\Program Files\Internet Explorer\iexplore.exe
(verified)  Windows® Internet Explorer               2044    C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process opera.exe (1724) connected on port 80 (HTTP) --> 23.3.68.106
Process opera.exe (1724) connected on port 80 (HTTP) --> 23.3.68.106
Process opera.exe (1724) connected on port 80 (HTTP) --> 74.125.224.124
Process opera.exe (1724) connected on port 80 (HTTP) --> 74.125.224.124
Process opera.exe (1724) connected on port 80 (HTTP) --> 74.6.238.254
Process opera.exe (1724) connected on port 80 (HTTP) --> 74.125.224.124
Process opera.exe (1724) connected on port 80 (HTTP) --> 74.125.224.92
Process opera.exe (1724) connected on port 80 (HTTP) --> 74.125.224.92
Process opera.exe (1724) connected on port 80 (HTTP) --> 91.203.99.45
Process iexplore.exe (2044) connected on port 80 (HTTP) --> 74.125.224.33
Process iexplore.exe (2044) connected on port 80 (HTTP) --> 96.17.239.139
Process iexplore.exe (2044) connected on port 80 (HTTP) --> 23.3.12.194

Process svchost.exe (980) listens on ports: 3389 (Terminal Server)
Process svchost.exe (1052) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
            AMTDeviceService.exe                     C:\Program Files\AMT Media Manager\AMTDeviceService.exe
            Anti-phishing Domain Advisor             C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
            Apple Software Update                    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
            ATI External Event Utility for NT, W2K   C:\WINDOWS\system32\Ati2evxx.dll
            C-Major Audio                            C:\WINDOWS\stsystra.exe
            Google Updater                           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            gtw_logo.scr                             C:\WINDOWS\system32\gtw_logo.scr
            IDT Audio                                C:\Program Files\IDT\WDM\sttray.exe
            iTunes                                   C:\Program Files\iTunes\iTunesHelper.exe
            Java(TM) Platform SE Auto Updater 2 0    C:\Program Files\Common Files\Java\Java Update\jusched.exe
            Malwarebytes Anti-Malware                C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
            McAfee SpamKiller                        C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\BROWSEUI.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\cryptnet.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\cscdll.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\ctfmon.exe
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\logonui.exe
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\OOBE\oobebaln.exe
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\rundll32.exe
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\sclgntfy.dll
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\SHELL32.dll
            Microsoft® Windows® Operating System     c:\windows\system32\stobject.dll
            Microsoft® Windows® Operating System     c:\windows\system32\upnpui.dll
            Microsoft® Windows® Operating System     c:\windows\system32\userinit.exe
            Microsoft® Windows® Operating System     C:\WINDOWS\system32\WlNotify.dll
            ParetoLogic Update Application           C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
            PC Health Advisor                        C:\Program Files\ParetoLogic\PCHA\PCHA.exe
            QuickTime                                C:\Program Files\QuickTime\qttask.exe
            RealPlayer (32-bit)                      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            SM56 Helper Win32 Utility                C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
            Update Detection Module                  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
(verified)  Google Update                            C:\Program Files\Google\Update\GoogleUpdate.exe
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\CRYPT32.dll
(verified)  Microsoft® Windows® Operating System     c:\windows\system32\wpdshserviceobj.dll
(verified)  Windows® Internet Explorer               c:\windows\system32\webcheck.dll


Browser plugins
---------------
            Adobe Acrobat                            C:\Program Files\Internet Explorer\plugins\nppdf32.dll
            Bitdefender QuickScan                    C:\WINDOWS\Downloaded Program Files\qsax.dll
            Google Earth Plugin                      C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
            Google Update                            C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
            Google Updater                           C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
            GoogleToolbarNotifier                    c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
            Java(TM) Platform SE 6 U23               c:\program files\java\jre6\bin\jp2ssv.dll
            Java(TM) Platform SE 6 U23               C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
            Java(TM) Platform SE 6 U23               c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            Messenger                                C:\Program Files\Messenger\msmsgs.exe
            Microsoft® Windows® Operating System     C:\WINDOWS\System32\winrnr.dll
            Move Streaming Media Player              C:\Documents and Settings\Owner.Eric2\Application Data\Move Networks\plugins\npqmp071505000011.dll
            NPSWF32.dll                              C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
            QuickTime Plug-in 7.1.3                  C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
            QuickTime Plug-in 7.1.3                  C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
            QuickTime Plug-in 7.1.3                  C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
            QuickTime Plug-in 7.1.3                  C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
            QuickTime Plug-in 7.1.3                  C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
            QuickTime Plug-in 7.1.3                  C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
            QuickTime Plug-in 7.1.3                  C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
            RealJukebox NS Plugin                    C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
            RealPlayer Version Plugin                C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
            RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
            Silverlight Plug-In                      c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
            Symantec Intrusion Detection             c:\program files\norton antivirus\engine\18.7.0.13\ips\ipsbho.dll
            vShare.tv plug-in                        C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
            Windows® Internet Explorer               C:\WINDOWS\system32\IEFRAME.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\mswsock.dll
(verified)  Microsoft® Windows® Operating System     C:\WINDOWS\system32\rsvpsp.dll


Missing files
-------------
File not found: NA
  --> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Power2GoExpress"

File not found: WRLogonNTF.dll
  --> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\"DllName"


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 1.14 KB recvd
Scanned 545 files and modules - 181 seconds

==============================================================================


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K] got something going on, what do you think?
« Reply #33 on: March 16, 2012, 01:58:30 AM »
Vundo has not returned after the script fix, so we have definitely made progress. Obviously there is still a problem, as you can only boot into safe mode.

Run the following from Safe Mode with NW:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Can you also confirm, as you boot, do you get the option for the "Recovery Console"? The initial CF log suggests it was installed. You have to watch carefully as you may only get a couple of seconds to see the choices...

Kevin



Offline ngt

  • Bronze Member
  • Posts: 101
Re: [Resolved K] got something going on, what do you think?
« Reply #34 on: March 16, 2012, 07:47:09 AM »
06:30:13.0781 0900   TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
06:30:14.0265 0900   ============================================================
06:30:14.0265 0900   Current date / time: 2012/03/16 06:30:14.0265
06:30:14.0265 0900   SystemInfo:
06:30:14.0265 0900   
06:30:14.0265 0900   OS Version: 5.1.2600 ServicePack: 2.0
06:30:14.0265 0900   Product type: Workstation
06:30:14.0265 0900   ComputerName: ERIC2
06:30:14.0265 0900   UserName: Owner
06:30:14.0265 0900   Windows directory: C:\WINDOWS
06:30:14.0265 0900   System windows directory: C:\WINDOWS
06:30:14.0265 0900   Processor architecture: Intel x86
06:30:14.0265 0900   Number of processors: 2
06:30:14.0265 0900   Page size: 0x1000
06:30:14.0265 0900   Boot type: Safe boot with network
06:30:14.0265 0900   ============================================================
06:30:17.0531 0900   Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:30:17.0531 0900   Drive \Device\Harddisk1\DR3 - Size: 0x200CE0000 (8.01 Gb), SectorSize: 0x200, Cylinders: 0x415, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
06:30:17.0546 0900   Drive \Device\Harddisk2\DR4 - Size: 0x3A8400000 (14.63 Gb), SectorSize: 0x200, Cylinders: 0x775, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
06:30:17.0546 0900   \Device\Harddisk0\DR0:
06:30:17.0546 0900   MBR used
06:30:17.0546 0900   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xDAE73D, BlocksNum 0x11C664C3
06:30:17.0546 0900   \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xDAE6FE
06:30:17.0546 0900   \Device\Harddisk1\DR3:
06:30:17.0546 0900   MBR used
06:30:17.0546 0900   \Device\Harddisk2\DR4:
06:30:17.0546 0900   MBR used
06:30:17.0546 0900   \Device\Harddisk2\DR4\Partition0: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1D41800
06:30:17.0656 0900   Initialize success
06:30:17.0656 0900   ============================================================
06:30:46.0671 2040   ============================================================
06:30:46.0671 2040   Scan started
06:30:46.0671 2040   Mode: Manual;
06:30:46.0671 2040   ============================================================
06:34:37.0421 2040   MBR (0x1B8)     (8907fe6d05fc0125fc299b39ac847b22) \Device\Harddisk0\DR0
06:34:37.0921 2040   \Device\Harddisk0\DR0 - ok
06:34:38.0015 2040   MBR (0x1B8)     (27404125736778bfe04b04c009d4b2f4) \Device\Harddisk1\DR3
06:34:41.0078 2040   \Device\Harddisk1\DR3 - ok
06:34:41.0125 2040   MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
06:34:41.0125 2040   \Device\Harddisk2\DR4 - ok
06:34:41.0171 2040   Boot (0x1200)   (15a645c4a3e9b9710f0cdab72f71131b) \Device\Harddisk0\DR0\Partition0
06:34:41.0187 2040   \Device\Harddisk0\DR0\Partition0 - ok
06:34:41.0312 2040   Boot (0x1200)   (79f505903993a4db0152c16292f362ad) \Device\Harddisk0\DR0\Partition1
06:34:41.0312 2040   \Device\Harddisk0\DR0\Partition1 - ok
06:34:41.0343 2040   Boot (0x1200)   (fdbc5a59142cc779497e1bfd2ce1c583) \Device\Harddisk2\DR4\Partition0
06:34:41.0343 2040   \Device\Harddisk2\DR4\Partition0 - ok
06:34:41.0375 2040   ============================================================
06:34:41.0375 2040   Scan finished
06:34:41.0375 2040   ============================================================
06:34:41.0500 0700   Detected object count: 0
06:34:41.0500 0700   Actual detected object count: 0
06:40:33.0515 1212   ============================================================
06:40:33.0515 1212   Scan started
06:40:33.0515 1212   Mode: Manual; SigCheck; TDLFS;
06:40:33.0515 1212   ============================================================
06:40:35.0125 1212   Abiosdsk - ok
06:40:36.0140 1212   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
06:40:36.0593 1212   abp480n5 - ok
06:40:37.0703 1212   ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:40:37.0890 1212   ACPI - ok
06:40:38.0859 1212   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
06:40:39.0031 1212   ACPIEC - ok
06:40:40.0031 1212   adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
06:40:40.0281 1212   adpu160m - ok
06:40:41.0406 1212   aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
06:40:41.0859 1212   aec - ok
06:40:42.0812 1212   AegisP          (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
06:40:42.0859 1212   AegisP ( UnsignedFile.Multi.Generic ) - warning
06:40:42.0859 1212   AegisP - detected UnsignedFile.Multi.Generic (1)
06:40:43.0875 1212   Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
06:40:43.0921 1212   Afc ( UnsignedFile.Multi.Generic ) - warning
06:40:43.0921 1212   Afc - detected UnsignedFile.Multi.Generic (1)
06:40:45.0015 1212   AFD             (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
06:40:45.0093 1212   AFD - ok
06:40:46.0125 1212   agp440          (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
06:40:46.0343 1212   agp440 - ok
06:40:47.0281 1212   agpCPQ          (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
06:40:47.0484 1212   agpCPQ - ok
06:40:48.0453 1212   Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
06:40:48.0546 1212   Aha154x - ok
06:40:49.0578 1212   aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
06:40:49.0781 1212   aic78u2 - ok
06:40:50.0734 1212   aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
06:40:50.0921 1212   aic78xx - ok
06:40:51.0937 1212   AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
06:40:52.0203 1212   AliIde - ok
06:40:53.0250 1212   alim1541        (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
06:40:53.0453 1212   alim1541 - ok
06:40:54.0453 1212   amdagp          (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
06:40:54.0640 1212   amdagp - ok
06:40:55.0687 1212   AmdK8           (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
06:40:55.0765 1212   AmdK8 - ok
06:40:56.0703 1212   amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
06:40:56.0812 1212   amsint - ok
06:40:57.0812 1212   Arp1394         (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:40:58.0000 1212   Arp1394 - ok
06:40:58.0953 1212   asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
06:40:59.0203 1212   asc - ok
06:41:00.0093 1212   asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
06:41:00.0218 1212   asc3350p - ok
06:41:01.0171 1212   asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
06:41:01.0343 1212   asc3550 - ok
06:41:02.0375 1212   AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:41:02.0546 1212   AsyncMac - ok
06:41:03.0625 1212   atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:41:03.0796 1212   atapi - ok
06:41:04.0718 1212   Atdisk - ok
06:41:07.0453 1212   ati2mtag        (dd222ce49e79f15d2312a5e1f42e716e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
06:41:08.0812 1212   ati2mtag - ok
06:41:09.0859 1212   Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:41:10.0046 1212   Atmarpc - ok
06:41:10.0984 1212   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:41:11.0140 1212   audstub - ok
06:41:12.0562 1212   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:41:12.0734 1212   Beep - ok
06:41:14.0781 1212   BHDrvx86        (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx86.sys
06:41:15.0703 1212   BHDrvx86 - ok
06:41:16.0062 1212   catchme - ok
06:41:17.0484 1212   cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
06:41:17.0656 1212   cbidf - ok
06:41:19.0421 1212   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:41:19.0546 1212   cbidf2k - ok
06:41:20.0546 1212   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
06:41:20.0640 1212   cd20xrnt - ok
06:41:21.0578 1212   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:41:21.0750 1212   Cdaudio - ok
06:41:22.0671 1212   Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
06:41:22.0875 1212   Cdfs - ok
06:41:23.0796 1212   Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:41:23.0968 1212   Cdrom - ok
06:41:25.0109 1212   Changer - ok
06:41:26.0125 1212   CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
06:41:26.0296 1212   CmBatt - ok
06:41:27.0343 1212   CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
06:41:27.0500 1212   CmdIde - ok
06:41:28.0406 1212   Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
06:41:28.0578 1212   Compbatt - ok
06:41:29.0625 1212   Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
06:41:29.0796 1212   Cpqarray - ok
06:41:30.0890 1212   dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
06:41:31.0078 1212   dac2w2k - ok
06:41:31.0937 1212   dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
06:41:32.0109 1212   dac960nt - ok
06:41:33.0015 1212   Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
06:41:33.0140 1212   Disk - ok
06:41:35.0031 1212   dmboot          (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
06:41:35.0765 1212   dmboot - ok
06:41:36.0796 1212   dmio            (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
06:41:36.0968 1212   dmio - ok
06:41:38.0046 1212   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:41:38.0250 1212   dmload - ok
06:41:39.0312 1212   DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
06:41:39.0484 1212   DMusic - ok
06:41:40.0593 1212   dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
06:41:40.0750 1212   dpti2o - ok
06:41:41.0703 1212   drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
06:41:41.0859 1212   drmkaud - ok
06:41:42.0421 1212   eeCtrl          (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
06:41:42.0687 1212   eeCtrl - ok
06:41:42.0890 1212   EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
06:41:42.0890 1212   EraserUtilRebootDrv - ok
06:41:43.0953 1212   Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
06:41:44.0125 1212   Fastfat - ok
06:41:45.0062 1212   Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
06:41:45.0250 1212   Fdc - ok
06:41:46.0171 1212   Fips            (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
06:41:46.0343 1212   Fips - ok
06:41:47.0218 1212   Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
06:41:47.0375 1212   Flpydisk - ok
06:41:48.0421 1212   FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
06:41:48.0968 1212   FltMgr - ok
06:41:49.0859 1212   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:41:50.0031 1212   Fs_Rec - ok
06:41:51.0156 1212   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:41:51.0390 1212   Ftdisk - ok
06:41:52.0312 1212   GEARAspiWDM     (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
06:41:52.0328 1212   GEARAspiWDM - ok
06:41:53.0250 1212   Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:41:53.0421 1212   Gpc - ok
06:41:54.0468 1212   HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
06:41:54.0562 1212   HDAudBus - ok
06:41:55.0468 1212   HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:41:55.0609 1212   HidUsb - ok
06:41:56.0593 1212   hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
06:41:56.0765 1212   hpn - ok
06:41:57.0953 1212   HTTP            (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
06:41:58.0562 1212   HTTP - ok
06:41:59.0546 1212   i2omgmt         (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
06:41:59.0703 1212   i2omgmt - ok
06:42:00.0750 1212   i2omp           (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
06:42:00.0921 1212   i2omp - ok
06:42:02.0031 1212   i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:42:02.0218 1212   i8042prt - ok
06:42:02.0906 1212   IDSxpx86        (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120313.001\IDSxpx86.sys

Offline ngt

  • Bronze Member
  • Posts: 101
Re: [Resolved K] got something going on, what do you think?
« Reply #35 on: March 16, 2012, 07:48:39 AM »
06:42:03.0171 1212   IDSxpx86 - ok
06:42:04.0406 1212   Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:42:04.0578 1212   Imapi - ok
06:42:05.0593 1212   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
06:42:05.0750 1212   ini910u - ok
06:42:06.0843 1212   IntelIde        (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
06:42:07.0000 1212   IntelIde - ok
06:42:08.0031 1212   Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
06:42:08.0187 1212   Ip6Fw - ok
06:42:09.0234 1212   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:42:09.0421 1212   IpFilterDriver - ok
06:42:10.0484 1212   IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:42:10.0656 1212   IpInIp - ok
06:42:11.0796 1212   IpNat           (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:42:12.0359 1212   IpNat - ok
06:42:13.0484 1212   IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:42:13.0609 1212   IPSec - ok
06:42:14.0703 1212   IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:42:14.0796 1212   IRENUM - ok
06:42:15.0921 1212   isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:42:16.0078 1212   isapnp - ok
06:42:17.0078 1212   Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:42:17.0218 1212   Kbdclass - ok
06:42:18.0109 1212   kbdhid          (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:42:18.0312 1212   kbdhid - ok
06:42:19.0531 1212   kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
06:42:20.0062 1212   kmixer - ok
06:42:21.0125 1212   KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
06:42:21.0359 1212   KSecDD - ok
06:42:22.0406 1212   lbrtfdc - ok
06:42:23.0359 1212   MCSTRM - ok
06:42:24.0468 1212   MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
06:42:24.0640 1212   MHNDRV - ok
06:42:25.0625 1212   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:42:25.0796 1212   mnmdd - ok
06:42:26.0812 1212   Modem           (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
06:42:26.0968 1212   Modem - ok
06:42:28.0062 1212   MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
06:42:28.0187 1212   MODEMCSA - ok
06:42:29.0234 1212   Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:42:29.0437 1212   Mouclass - ok
06:42:30.0453 1212   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:42:30.0609 1212   mouhid - ok
06:42:31.0687 1212   MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
06:42:31.0859 1212   MountMgr - ok
06:42:32.0812 1212   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
06:42:32.0968 1212   mraid35x - ok
06:42:34.0046 1212   MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:42:34.0687 1212   MRxDAV - ok
06:42:36.0078 1212   MRxSmb          (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:42:36.0390 1212   MRxSmb - ok
06:42:37.0265 1212   Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
06:42:37.0484 1212   Msfs - ok
06:42:38.0406 1212   MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:42:38.0562 1212   MSKSSRV - ok
06:42:39.0500 1212   MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:42:39.0656 1212   MSPCLOCK - ok
06:42:40.0593 1212   MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
06:42:40.0734 1212   MSPQM - ok
06:42:41.0687 1212   mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:42:41.0843 1212   mssmbios - ok
06:42:42.0890 1212   Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
06:42:43.0062 1212   Mup - ok
06:42:43.0500 1212   NAVENG          (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120313.020\NAVENG.SYS
06:42:43.0515 1212   NAVENG - ok
06:42:45.0375 1212   NAVEX15         (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120313.020\NAVEX15.SYS
06:42:46.0671 1212   NAVEX15 - ok
06:42:47.0765 1212   NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
06:42:47.0937 1212   NDIS - ok
06:42:48.0812 1212   NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:42:48.0953 1212   NdisTapi - ok
06:42:49.0859 1212   Ndisuio         (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:42:49.0937 1212   Ndisuio - ok
06:42:50.0890 1212   NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:42:51.0078 1212   NdisWan - ok
06:42:52.0031 1212   NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
06:42:52.0171 1212   NDProxy - ok
06:42:53.0171 1212   NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:42:53.0375 1212   NetBIOS - ok
06:42:54.0406 1212   NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:42:54.0562 1212   NetBT - ok
06:42:55.0531 1212   NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:42:55.0687 1212   NIC1394 - ok
06:42:56.0609 1212   Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
06:42:56.0734 1212   Npfs - ok
06:42:58.0296 1212   Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
06:42:59.0093 1212   Ntfs - ok
06:42:59.0953 1212   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:43:00.0125 1212   Null - ok
06:43:01.0000 1212   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:43:01.0156 1212   NwlnkFlt - ok
06:43:02.0062 1212   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:43:02.0234 1212   NwlnkFwd - ok
06:43:03.0140 1212   ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:43:03.0421 1212   ohci1394 - ok
06:43:04.0359 1212   Parport         (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
06:43:04.0546 1212   Parport - ok
06:43:05.0437 1212   PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
06:43:05.0578 1212   PartMgr - ok
06:43:06.0515 1212   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:43:06.0671 1212   ParVdm - ok
06:43:07.0640 1212   PCI             (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
06:43:07.0796 1212   PCI - ok
06:43:08.0656 1212   PCIDump - ok
06:43:09.0734 1212   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:43:09.0890 1212   PCIIde - ok
06:43:10.0875 1212   Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
06:43:11.0046 1212   Pcmcia - ok
06:43:12.0062 1212   PDCOMP - ok
06:43:13.0000 1212   PDFRAME - ok
06:43:13.0953 1212   PDRELI - ok
06:43:14.0828 1212   PDRFRAME - ok
06:43:15.0687 1212   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
06:43:15.0843 1212   perc2 - ok
06:43:16.0687 1212   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
06:43:16.0843 1212   perc2hib - ok
06:43:17.0781 1212   PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:43:17.0953 1212   PptpMiniport - ok
06:43:18.0953 1212   Processor       (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
06:43:19.0156 1212   Processor - ok
06:43:20.0140 1212   PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
06:43:20.0312 1212   PSched - ok
06:43:21.0265 1212   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:43:21.0453 1212   Ptilink - ok
06:43:22.0406 1212   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
06:43:22.0578 1212   ql1080 - ok
06:43:23.0531 1212   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
06:43:23.0703 1212   Ql10wnt - ok
06:43:24.0718 1212   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
06:43:24.0890 1212   ql12160 - ok
06:43:25.0843 1212   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
06:43:26.0015 1212   ql1240 - ok
06:43:27.0000 1212   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
06:43:27.0171 1212   ql1280 - ok
06:43:28.0078 1212   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:43:28.0234 1212   RasAcd - ok
06:43:29.0203 1212   Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:43:29.0375 1212   Rasl2tp - ok
06:43:30.0453 1212   RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:43:30.0625 1212   RasPppoe - ok
06:43:31.0546 1212   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:43:31.0703 1212   Raspti - ok
06:43:32.0796 1212   Rdbss           (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:43:33.0375 1212   Rdbss - ok
06:43:34.0265 1212   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:43:34.0453 1212   RDPCDD - ok
06:43:35.0687 1212   rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:43:35.0859 1212   rdpdr - ok
06:43:37.0031 1212   RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
06:43:37.0609 1212   RDPWD - ok
06:43:38.0718 1212   redbook         (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:43:38.0890 1212   redbook - ok
06:43:40.0218 1212   RTLWUSB         (2ada41a7a4da7e24e131e9c80a130f95) C:\WINDOWS\system32\DRIVERS\RTL8187.sys
06:43:40.0265 1212   RTLWUSB - ok
06:43:41.0406 1212   sdbus           (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
06:43:41.0546 1212   sdbus - ok
06:43:42.0500 1212   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:43:43.0062 1212   Secdrv - ok
06:43:44.0109 1212   Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
06:43:44.0281 1212   Serial - ok
06:43:45.0265 1212   Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:43:45.0437 1212   Sfloppy - ok
06:43:46.0343 1212   Simbad - ok
06:43:47.0375 1212   sisagp          (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
06:43:47.0578 1212   sisagp - ok
06:43:48.0578 1212   SjyPkt          (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
06:43:48.0609 1212   SjyPkt ( UnsignedFile.Multi.Generic ) - warning
06:43:48.0609 1212   SjyPkt - detected UnsignedFile.Multi.Generic (1)
06:43:50.0828 1212   smserial        (859e3adc59d1c89a66aa6492c14d379e) C:\WINDOWS\system32\DRIVERS\smserial.sys
06:43:51.0640 1212   smserial - ok
06:43:52.0531 1212   Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
06:43:52.0640 1212   Sparrow - ok
06:43:53.0593 1212   splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
06:43:54.0156 1212   splitter - ok
06:43:55.0203 1212   sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
06:43:55.0328 1212   sr - ok
06:43:56.0937 1212   SRTSP           (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NAV\1207000.00D\SRTSP.SYS
06:43:57.0203 1212   SRTSP - ok
06:43:58.0265 1212   SRTSPX          (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NAV\1207000.00D\SRTSPX.SYS
06:43:58.0281 1212   SRTSPX - ok
06:43:59.0640 1212   Srv             (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
06:43:59.0968 1212   Srv - ok
06:44:02.0328 1212   STHDA           (3b24ada55d3bdfdc0e6679d15fa668d8) C:\WINDOWS\system32\drivers\sthda.sys
06:44:03.0484 1212   STHDA - ok
06:44:04.0437 1212   swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:44:04.0593 1212   swenum - ok
06:44:05.0609 1212   swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
06:44:05.0781 1212   swmidi - ok
06:44:06.0734 1212   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
06:44:06.0890 1212   symc810 - ok
06:44:07.0812 1212   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
06:44:07.0968 1212   symc8xx - ok
06:44:09.0437 1212   SymDS           (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NAV\1207000.00D\SYMDS.SYS
06:44:09.0703 1212   SymDS - ok
06:44:11.0562 1212   SymEFA          (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NAV\1207000.00D\SYMEFA.SYS
06:44:12.0093 1212   SymEFA - ok
06:44:13.0218 1212   SymEvent        (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
06:44:13.0218 1212   SymEvent - ok
06:44:14.0328 1212   SymIRON         (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1207000.00D\Ironx86.SYS
06:44:14.0328 1212   SymIRON - ok
06:44:15.0796 1212   SYMTDI          (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\NAV\1207000.00D\SYMTDI.SYS
06:44:16.0062 1212   SYMTDI - ok
06:44:17.0015 1212   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
06:44:17.0187 1212   sym_hi - ok
06:44:18.0109 1212   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
06:44:18.0250 1212   sym_u3 - ok
06:44:19.0437 1212   SynTP           (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
06:44:19.0515 1212   SynTP - ok
06:44:20.0562 1212   sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
06:44:20.0734 1212   sysaudio - ok
06:44:22.0203 1212   Tcpip           (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:44:22.0546 1212   Tcpip - ok
06:44:23.0468 1212   TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:44:23.0593 1212   TDPIPE - ok
06:44:24.0562 1212   TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
06:44:24.0718 1212   TDTCP - ok
06:44:25.0734 1212   TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:44:25.0937 1212   TermDD - ok
06:44:27.0171 1212   tifm21          (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
06:44:27.0250 1212   tifm21 - ok
06:44:28.0312 1212   TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
06:44:28.0484 1212   TosIde - ok
06:44:29.0734 1212   Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
06:44:29.0890 1212   Udfs - ok
06:44:31.0093 1212   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
06:44:31.0218 1212   ultra - ok
06:44:32.0453 1212   Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
06:44:32.0718 1212   Update - ok
06:44:33.0859 1212   usbbus          (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
06:44:33.0953 1212   usbbus - ok
06:44:35.0046 1212   usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:44:35.0203 1212   usbccgp - ok
06:44:36.0312 1212   UsbDiag         (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
06:44:36.0343 1212   UsbDiag - ok
06:44:37.0343 1212   usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:44:37.0562 1212   usbehci - ok
06:44:38.0578 1212   usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:44:38.0750 1212   usbhub - ok
06:44:39.0812 1212   USBModem        (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
06:44:39.0812 1212   USBModem - ok
06:44:40.0781 1212   usbohci         (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
06:44:40.0937 1212   usbohci - ok
06:44:41.0968 1212   usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:44:42.0140 1212   usbprint - ok
06:44:43.0078 1212   usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:44:43.0250 1212   usbscan - ok
06:44:44.0171 1212   usbstor         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:44:44.0328 1212   usbstor - ok
06:44:45.0281 1212   usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:44:45.0421 1212   usbuhci - ok
06:44:46.0312 1212   VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
06:44:46.0531 1212   VgaSave - ok
06:44:47.0468 1212   viaagp          (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
06:44:47.0593 1212   viaagp - ok
06:44:48.0515 1212   ViaIde          (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
06:44:48.0671 1212   ViaIde - ok
06:44:49.0609 1212   VolSnap         (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
06:44:49.0765 1212   VolSnap - ok
06:44:50.0843 1212   Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:44:51.0015 1212   Wanarp - ok
06:44:52.0062 1212   wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
06:44:52.0125 1212   wanatw - ok
06:44:53.0046 1212   WDICA - ok
06:44:54.0062 1212   wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
06:44:54.0734 1212   wdmaud - ok
06:44:56.0062 1212   WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
06:44:56.0187 1212   WpdUsb - ok
06:44:57.0203 1212   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
06:44:57.0359 1212   WS2IFSL - ok
06:44:58.0484 1212   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:44:58.0562 1212   WudfPf - ok
06:44:59.0656 1212   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:44:59.0687 1212   WudfRd - ok
06:45:00.0953 1212   yukonwxp        (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
06:45:01.0062 1212   yukonwxp - ok
06:45:01.0218 1212   MBR (0x1B8)     (8907fe6d05fc0125fc299b39ac847b22) \Device\Harddisk0\DR0
06:45:01.0765 1212   \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:45:01.0765 1212   \Device\Harddisk0\DR0 - detected TDSS File System (1)
06:45:01.0796 1212   MBR (0x1B8)     (27404125736778bfe04b04c009d4b2f4) \Device\Harddisk1\DR3
06:45:04.0875 1212   \Device\Harddisk1\DR3 - ok
06:45:04.0921 1212   MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
06:45:05.0109 1212   \Device\Harddisk2\DR4 - ok
06:45:05.0171 1212   Boot (0x1200)   (15a645c4a3e9b9710f0cdab72f71131b) \Device\Harddisk0\DR0\Partition0
06:45:05.0171 1212   \Device\Harddisk0\DR0\Partition0 - ok
06:45:05.0296 1212   Boot (0x1200)   (79f505903993a4db0152c16292f362ad) \Device\Harddisk0\DR0\Partition1
06:45:05.0296 1212   \Device\Harddisk0\DR0\Partition1 - ok
06:45:05.0343 1212   Boot (0x1200)   (fdbc5a59142cc779497e1bfd2ce1c583) \Device\Harddisk2\DR4\Partition0
06:45:05.0343 1212   \Device\Harddisk2\DR4\Partition0 - ok
06:45:05.0375 1212   ============================================================
06:45:05.0375 1212   Scan finished
06:45:05.0375 1212   ============================================================
06:45:05.0578 1220   Detected object count: 4
06:45:05.0578 1220   Actual detected object count: 4
06:45:31.0593 1220   AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
06:45:31.0593 1220   AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:45:31.0593 1220   Afc ( UnsignedFile.Multi.Generic ) - skipped by user
06:45:31.0593 1220   Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:45:31.0625 1220   SjyPkt ( UnsignedFile.Multi.Generic ) - skipped by user
06:45:31.0625 1220   SjyPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:45:31.0640 1220   \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:45:31.0640 1220   \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip





rebooting now to look for recovery console   
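Added example, not part of the original post or of any tool named in this thread: a small Python triage script for a scan log in the line format shown above, listing every flagged object with the action taken and comparing the total with the log's own "Detected object count". The function names and the regular expressions are assumptions inferred from the lines visible on this page, not a documented log specification.

```python
import re

# Constructed sample: lines copied from the log posted above, trimmed for brevity.
SAMPLE_LOG = r"""
06:45:01.0062 1212   yukonwxp - ok
06:45:01.0218 1212   MBR (0x1B8)     (8907fe6d05fc0125fc299b39ac847b22) \Device\Harddisk0\DR0
06:45:01.0765 1212   \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:45:01.0765 1212   \Device\Harddisk0\DR0 - detected TDSS File System (1)
06:45:04.0875 1212   \Device\Harddisk1\DR3 - ok
06:45:05.0578 1220   Detected object count: 4
06:45:31.0593 1220   AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
06:45:31.0593 1220   AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:45:31.0593 1220   Afc ( UnsignedFile.Multi.Generic ) - skipped by user
06:45:31.0593 1220   Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:45:31.0625 1220   SjyPkt ( UnsignedFile.Multi.Generic ) - skipped by user
06:45:31.0625 1220   SjyPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:45:31.0640 1220   \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:45:31.0640 1220   \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <message>" prefix carried by every log line.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
# Flagged objects look like "<object> ( <verdict> ) - <state>"; clean ones are "<object> - ok".
FLAGGED = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<state>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION = "User select action: "

def summarize(log_text):
    """Return ({object: {"verdict", "action"}}, count reported by the log or None)."""
    findings, reported = {}, None
    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue
        msg = line.group(1).strip()
        count = COUNT.match(msg)
        if count:
            reported = int(count.group(1))
            continue
        hit = FLAGGED.match(msg)
        if hit:
            entry = findings.setdefault(hit.group("obj"), {"verdict": hit.group("verdict"), "action": None})
            if hit.group("state").startswith(ACTION):
                entry["action"] = hit.group("state")[len(ACTION):]
    return findings, reported

def left_in_place(findings):
    """Objects that were flagged but not acted on (no action logged, or Skip)."""
    return sorted(o for o, f in findings.items() if f["action"] in (None, "Skip"))

if __name__ == "__main__":
    found, reported = summarize(SAMPLE_LOG)
    print(f"{len(found)} flagged (log reports {reported}); left in place: {left_in_place(found)}")
```
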

Offline ngt

  • Bronze Member
  • Posts: 101
Re: [Resolved K] got something going on, what do you think?
« Reply #36 on: March 16, 2012, 08:40:31 AM »
Went to reboot it. It froze a number of times on the "Gateway" screen with the blue bar about 3/4 of the way across. Wouldn't let me get into safe mode, wouldn't let me get into the menu or boot menu with F10 or F2. After about 7-8 tries I hit F7, F8, F9, F10 together, pretty much out of frustration. Well, the bar went across and a screen popped up that said a bunch of stuff and at the bottom it said "initializing mouse"... then the next thing listed it said ERROR..0280 and something about using a default something.

I reset it manually again since it froze there and it got past the Gateway screen like normal. The 3 options popped up.

1-Windows Recovery Console
2-(don't select this one)
3-Microsoft something...

It automatically selected #3 in about 2 seconds and moved on to the Microsoft Windows XP screen. I let it go to see what would happen and it froze like normal with the 3 blue blocks under the Windows name scrolling through over and over and over and over. I manually restarted it again and when it got to the black screen right before this screen I hit F8 for safe mode with networking. After selecting safe mode with networking, a screen came up with things like Microsoft Windows XP, debug mode and some others. I selected the regular XP one and then the screen that popped up for a few seconds with the #1, #2, #3 options listed above came up again and made me manually select one. I hit the Microsoft something one and it booted up to safe mode with networking like normal.

That's where I'm at... scared to turn off my laptop, lol

thanks again!!

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K] got something going on, what do you think?
« Reply #37 on: March 16, 2012, 01:29:56 PM »
This is frustrating for sure, I'd like you to do a clean boot of your system and see if it will boot normally.....

Click Start, click Run, type msconfig, and then click OK.

The System Configuration Utility dialog box should be displayed.

We now need to configure selective startup options:

  • In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
  • Click to clear the Process SYSTEM.INI File check box.
  • Click to clear the Process WIN.INI File check box.
  • Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
  • Click the Services tab.
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK. This will disable non-MS services.
  • When you are prompted, click Restart to restart the computer.

When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows starts check box, and then click OK.

If the clean boot fixes the issue do the following:

Repeat as above, ensure all MS services are hidden, enable half of the non-MS services then re-boot. If the issue does not return do exactly the same again, this time only enable the bottom half of non-MS services.
If the issue returns we know the issue is in the bottom half, so you now repeat again but only enable half of the bottom half. Keep doing that until you isolate the rogue service.

Let me know how you get on, I know it is a laborious task but it will locate the issue. Obviously if the issue happens with the initial clean boot we'll have to think again....

Kevin.

Offline ngt

  • Bronze Member
  • Posts: 101
Re: [Resolved K] got something going on, what do you think?
« Reply #38 on: March 16, 2012, 02:47:04 PM »
I can't even get it to boot up in safe mode now. It freezes at the screen that lists all of the drivers. Any advice on how to get that thing back on so I can do what you posted? Posting from my phone right now.

Offline ngt

  • Bronze Member
  • Posts: 101
Re: [Resolved K] got something going on, what do you think?
« Reply #39 on: March 16, 2012, 03:07:34 PM »
The only thing I can get to work out of all of the options available is the recovery console thing. Anything I can do to get back to where I was before we started all this from that prompt?

Offline ngt

  • Bronze Member
  • Posts: 101
Re: [Resolved K] got something going on, what do you think?
« Reply #40 on: March 16, 2012, 04:03:16 PM »
There is an option that says fix boot into recovery console section? I didn't do anything but I was just poking around in there. Turns out the not being able to connect to the internet thing was a Comcast problem and not my computer. I can get online just fine now from my phone on my PlayStation. Still can't turn my laptop on though..... ideas?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K] got something going on, what do you think?
« Reply #41 on: March 16, 2012, 04:12:12 PM »
Boot your PC, use the up/down to select the Recovery Console:

Once the Recovery Console loads up, you will have to type in a number that corresponds to your Windows installation. This is normally just 1. Tap Enter and then type in the Administrator password. Tap Enter, leave blank if no password is set.

Now at the prompt, type in fixmbr and tap Enter. Your damaged MBR will now be replaced with a new master boot record. When that completes type in fixboot and tap Enter.

Next type in exit and tap Enter, your PC should re-boot....

Offline ngt

  • Bronze Member
  • Posts: 101
Re: [Resolved K] got something going on, what do you think?
« Reply #42 on: March 16, 2012, 04:30:10 PM »
miniNT is #1 and windows is #2. Which one do I want?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K] got something going on, what do you think?
« Reply #43 on: March 16, 2012, 04:49:01 PM »
I've never seen a layout like that, go for #2

Offline ngt

  • Bronze Member
  • Posts: 101
Re: [Resolved K] got something going on, what do you think?
« Reply #44 on: March 16, 2012, 05:07:14 PM »
I did what you said in the recovery console section with the prompt, and then rebooted the system in safe mode with networking and it still freezes at the screen where all of the drivers are being listed. The last driver listed, if it matters, is:

Multi(0)disk(0)rdisk(0)partition(1)\windows\system32\drivers\agpCPQ.sys

Then it just freezes. Before, it used to go to the screen and stop and then load up in safe mode with networking. Now it just stops and stays there.

Ideas?