Inactive [A] Help! Infected with RootKit.ZeroAccess Virus


sjy

I use PC Tools Spyware and it cannot get rid of this virus.

I ran aswMBR and the most recent version of ComboFix (three times w/ reboots) and still no luck! And now I'm starting to notice a lot of websites are not loading up properly. This is a "Medium" threat according to PC Spyware, but seems to be progressively getting worse.

Thanks!

Here's my aswMBR log file from yesterday:

aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2012-02-29 13:34:45
-----------------------------
13:34:45.000 OS Version: Windows 5.1.2600 Service Pack 3
13:34:45.000 Number of processors: 4 586 0x502
13:34:45.000 ComputerName: STEVE UserName: Owner
13:34:45.593 Initialize success
13:43:22.750 AVAST engine defs: 12022901
13:47:39.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
13:47:39.078 Disk 0 Vendor: WDC_WD6400AACS-00D6B1 01.01A01 Size: 610480MB BusType: 3
13:47:41.109 Disk 0 MBR read successfully
13:47:41.125 Disk 0 MBR scan
13:47:41.156 Disk 0 Windows XP default MBR code
13:47:41.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300002 MB offset 63
13:47:41.171 Disk 0 Partition - 00 0F Extended LBA 310467 MB offset 614405925
13:47:41.187 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 310467 MB offset 614405988
13:47:41.203 Disk 0 scanning sectors +1250242560
13:47:41.265 Disk 0 scanning C:\WINDOWS\system32\drivers
13:47:42.250 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Aluroot [Rtk]
13:47:47.484 Service scanning
13:47:47.937 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
13:47:48.593 Modules scanning
13:47:53.906 Disk 0 trace - called modules:
13:47:53.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8b069ae1]<<
13:47:53.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b138ab8]
13:47:53.953 3 CLASSPNP.SYS[ba908fd7] -> nt!IofCallDriver -> [0x8b08be50]
13:47:53.968 5 PCTCore.sys[ba699407] -> nt!IofCallDriver -> \Device\00000078[0x8b106f18]
13:47:53.984 7 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b113940]
13:47:55.937 AVAST engine scan C:\WINDOWS
13:48:05.968 AVAST engine scan C:\WINDOWS\system32
13:49:31.390 AVAST engine scan C:\WINDOWS\system32\drivers
13:49:32.546 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Aluroot [Rtk]
13:49:44.296 AVAST engine scan C:\Documents and Settings\Owner
13:58:47.968 File: C:\Documents and Settings\Owner\Local Settings\temp\D01.tmp **INFECTED** Win32:Kryptik-HRX [Trj]
13:58:48.046 File: C:\Documents and Settings\Owner\Local Settings\temp\D09.tmp **INFECTED** Win32:Dropper-gen [Drp]
13:59:37.859 File: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8MEJYPJG\10[1].exe **INFECTED** Win32:Dropper-gen [Drp]
14:11:02.187 AVAST engine scan C:\Documents and Settings\All Users
14:14:09.265 Scan finished successfully
14:14:57.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\Scan_logs\MBR.dat"
14:14:57.156 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\Scan_logs\aswMBR-2-29-12.txt"


aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2012-02-29 15:14:33
-----------------------------
15:14:33.734 OS Version: Windows 5.1.2600 Service Pack 3
15:14:33.734 Number of processors: 4 586 0x502
15:14:33.734 ComputerName: STEVE UserName: Owner
15:14:34.265 Initialize success
15:14:42.656 AVAST engine defs: 12022901
15:17:55.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
15:17:55.296 Disk 0 Vendor: WDC_WD6400AACS-00D6B1 01.01A01 Size: 610480MB BusType: 3
15:17:57.328 Disk 0 MBR read successfully
15:17:57.328 Disk 0 MBR scan
15:17:57.359 Disk 0 Windows XP default MBR code
15:17:57.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300002 MB offset 63
15:17:57.375 Disk 0 Partition - 00 0F Extended LBA 310467 MB offset 614405925
15:17:57.390 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 310467 MB offset 614405988
15:17:57.406 Disk 0 scanning sectors +1250242560
15:17:57.468 Disk 0 scanning C:\WINDOWS\system32\drivers
15:17:58.421 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Aluroot [Rtk]
15:18:03.484 Service scanning
15:18:03.734 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
15:18:04.468 Modules scanning
15:18:09.546 Disk 0 trace - called modules:
15:18:09.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8b047de9]<<
15:18:09.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0c4ab8]
15:18:09.593 3 CLASSPNP.SYS[ba908fd7] -> nt!IofCallDriver -> [0x8b006920]
15:18:09.609 5 PCTCore.sys[ba699407] -> nt!IofCallDriver -> \Device\00000079[0x8b111e50]
15:18:09.625 7 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b0ded98]
15:18:10.390 AVAST engine scan C:\WINDOWS
15:18:20.937 AVAST engine scan C:\WINDOWS\system32
15:19:46.343 AVAST engine scan C:\WINDOWS\system32\drivers
15:19:47.546 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Aluroot [Rtk]
15:19:59.578 AVAST engine scan C:\Documents and Settings\Owner
15:25:02.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\Scan_logs\MBR.dat"
15:25:02.734 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\Scan_logs\aswMBR-2-29-12.txt"
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Step 2 Question

At the end of removing the infected files - a Windows pop up appeared saying "Files that were required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability. Windows must restore the original versions of these files." However, I do not have a Windows XP disc! Should I hit cancel?
Thanks!
___________________________________________________

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: STEVE [administrator]

Protection: Enabled

3/2/2012 11:26:08 AM
mbam-log-2012-03-02 (11-26-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252883
Time elapsed: 11 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Delete on reboot.

Registry Keys Detected: 8
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\ojj.exe" -a "C:\PROGRAM FILES\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\temp\D01.tmp (Spyware.Password) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\D09.tmp (Trojan.Agent.PE5) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)
 
Disregard that Windows warning.
We can always find a replacement if needed.

Go ahead with other steps.
 
Okay. Here's the GMER log file:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-03 06:32:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD6400AACS-00D6B1 rev.01.01A01
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBA695C0C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBA695ED4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA6C7E16]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xBA4C9930]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xAB8506D0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x804D70A4]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70A4] ZwCreateKey [0x804D70A4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteKey [0x804D70AE]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70AE] ZwDeleteKey [0x804D70AE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteValueKey [0x804D709F]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D709F] ZwDeleteValueKey [0x804D709F]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x804D70B3]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70B3] ZwEnumerateKey [0x804D70B3]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x804D70B8]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70B8] ZwEnumerateValueKey [0x804D70B8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x804D70C7]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70C7] ZwOpenKey [0x804D70C7]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x804D70C2]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70C2] ZwQueryKey [0x804D70C2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryValueKey [0x804D70BD]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70BD] ZwQueryValueKey [0x804D70BD]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetValueKey [0x804D70A9]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70A9] ZwSetValueKey [0x804D70A9]

INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 804D70DB

---- Kernel code sections - GMER 1.0.15 ----

.text atapi.sys BA6F1852 1 Byte [CC] {INT 3 }
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E40380, 0x5414D5, 0xE8000020]
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xABB5F000, 0x44527, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xABBB1224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xABBB1000, 0x7000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xABA3C400, 0x88182, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xABAE0820] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xABAE0820]
.protectÿÿÿÿhardlockunknown last code section [0xABAE0600, 0x50F6, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xABAE0600, 0x50F6, 0xE0000020]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\Disk \Device\Harddisk1\DR3 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+a aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk2\DR4 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+b aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk3\DR5 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+c aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk4\DR6 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
Device \Driver\Disk \Device\Harddisk5\DP(1)0-0+d aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk5\DR7 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

---- Threads - GMER 1.0.15 ----

Thread System [4:160] 8B04E161
Thread System [4:164] 8AE62C30

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----
 
Here's the DDS Attach.txt log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2009 1:38:51 AM
System Uptime: 3/2/2012 9:34:54 PM (9 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET
Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 127.494 GiB free.
D: is FIXED (NTFS) - 303 GiB total, 188.714 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 39 GiB total, 13.874 GiB free.
K: is FIXED (NTFS) - 110 GiB total, 0.773 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHP_DVD_A__DH16AAL_______________________LHD7____\4433393939333030333732362020202020202020
Manufacturer: (Standard CD-ROM drives)
Name: hp DVD A DH16AAL
PNP Device ID: IDE\CDROMHP_DVD_A__DH16AAL_______________________LHD7____\4433393939333030333732362020202020202020
Service: cdrom
.
==== System Restore Points ===================
.
RP10: 12/26/2011 11:51:06 AM - ComboFix created restore point
RP11: 12/27/2011 12:28:44 PM - System Checkpoint
RP12: 12/28/2011 1:09:22 PM - System Checkpoint
RP13: 12/29/2011 2:09:23 PM - System Checkpoint
RP14: 12/30/2011 2:21:24 PM - System Checkpoint
RP15: 12/31/2011 5:34:56 PM - System Checkpoint
RP16: 1/1/2012 7:20:37 PM - System Checkpoint
RP17: 1/2/2012 9:09:24 PM - System Checkpoint
RP18: 1/3/2012 10:03:41 PM - System Checkpoint
RP19: 1/4/2012 11:03:41 PM - System Checkpoint
RP20: 1/6/2012 12:03:42 AM - System Checkpoint
RP21: 1/7/2012 12:13:01 AM - System Checkpoint
RP22: 1/8/2012 1:03:40 AM - System Checkpoint
RP23: 1/8/2012 8:58:56 AM - Software Distribution Service 3.0
RP24: 1/9/2012 9:03:40 AM - System Checkpoint
RP25: 1/10/2012 10:03:45 AM - System Checkpoint
RP26: 1/11/2012 11:03:40 AM - System Checkpoint
RP27: 1/12/2012 11:05:46 AM - System Checkpoint
RP28: 1/13/2012 9:28:35 PM - System Checkpoint
RP29: 1/14/2012 10:02:46 PM - System Checkpoint
RP30: 1/15/2012 11:02:41 PM - System Checkpoint
RP31: 1/17/2012 12:02:41 AM - System Checkpoint
RP32: 1/18/2012 1:02:41 AM - System Checkpoint
RP33: 1/19/2012 2:02:41 AM - System Checkpoint
RP34: 1/20/2012 3:02:45 AM - System Checkpoint
RP35: 1/21/2012 4:02:43 AM - System Checkpoint
RP36: 1/22/2012 4:02:58 AM - System Checkpoint
RP37: 1/23/2012 5:02:56 AM - System Checkpoint
RP38: 1/23/2012 7:55:39 PM - Installed Windows XP Wdf01007.
RP39: 1/24/2012 8:02:54 PM - System Checkpoint
RP40: 1/25/2012 9:02:58 PM - System Checkpoint
RP41: 1/26/2012 10:02:58 PM - System Checkpoint
RP42: 1/28/2012 12:43:33 PM - System Checkpoint
RP43: 1/29/2012 12:58:11 PM - System Checkpoint
RP44: 1/30/2012 6:57:55 PM - System Checkpoint
RP45: 1/31/2012 7:18:42 PM - System Checkpoint
RP46: 2/1/2012 9:56:52 PM - System Checkpoint
RP47: 2/3/2012 12:06:41 AM - System Checkpoint
RP48: 2/4/2012 11:24:35 AM - System Checkpoint
RP49: 2/5/2012 12:40:49 PM - System Checkpoint
RP50: 2/6/2012 6:01:24 PM - System Checkpoint
RP51: 2/7/2012 6:30:47 PM - System Checkpoint
RP52: 2/9/2012 8:03:34 AM - System Checkpoint
RP53: 2/10/2012 8:09:47 AM - System Checkpoint
RP54: 2/11/2012 8:29:49 AM - System Checkpoint
RP55: 2/12/2012 12:17:51 PM - System Checkpoint
RP56: 2/13/2012 12:29:46 PM - System Checkpoint
RP57: 2/14/2012 7:09:48 PM - System Checkpoint
RP58: 2/15/2012 7:52:59 PM - System Checkpoint
RP59: 2/16/2012 8:26:33 PM - System Checkpoint
RP60: 2/18/2012 12:13:30 PM - System Checkpoint
RP61: 2/19/2012 12:42:17 PM - System Checkpoint
RP62: 2/20/2012 7:37:12 PM - System Checkpoint
RP63: 2/21/2012 8:18:10 PM - System Checkpoint
RP64: 2/22/2012 9:06:18 PM - System Checkpoint
RP65: 2/23/2012 10:40:12 PM - System Checkpoint
RP66: 2/24/2012 11:06:22 PM - System Checkpoint
RP67: 2/26/2012 12:06:21 AM - System Checkpoint
RP68: 2/27/2012 1:06:18 AM - System Checkpoint
RP69: 2/27/2012 3:26:10 PM - Spyware Doctor: Cleaning Threats
RP70: 2/27/2012 3:50:18 PM - Spyware Doctor: Cleaning Threats
RP71: 2/27/2012 3:57:13 PM - Spyware Doctor: Cleaning Threats
RP72: 2/27/2012 4:13:36 PM - PC Tools Spyware Doctor: Cleaning Threats
RP73: 2/27/2012 4:27:34 PM - PC Tools Spyware Doctor: Cleaning Threats
RP74: 2/27/2012 4:29:54 PM - PC Tools Spyware Doctor: Cleaning Threats
RP75: 2/27/2012 4:46:10 PM - PC Tools Spyware Doctor: Cleaning Threats
RP76: 2/27/2012 4:46:35 PM - PC Tools Spyware Doctor: Cleaning Threats
RP77: 2/27/2012 6:07:09 PM - PC Tools Spyware Doctor: Cleaning Threats
RP78: 2/28/2012 9:07:19 AM - PC Tools Spyware Doctor: Cleaning Threats
RP79: 2/28/2012 6:07:05 PM - PC Tools Spyware Doctor: Cleaning Threats
RP80: 2/29/2012 1:06:04 PM - PC Tools Spyware Doctor: Cleaning Threats
RP81: 2/29/2012 1:06:24 PM - PC Tools Spyware Doctor: Cleaning Threats
RP82: 2/29/2012 1:28:51 PM - ARO 2012 - Before Installation
RP83: 2/29/2012 1:29:18 PM - ARO 2012 - FIRST RUN
RP84: 3/1/2012 6:08:00 PM - PC Tools Spyware Doctor: Cleaning Threats
RP85: 3/2/2012 6:52:04 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.65
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Alt-Tab Task Switcher Powertoy for Windows XP
Amazon MP3 Downloader 1.0.12
AnswerWorks Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audio MP3 Sound Recorder
AutoCAD 2000i Migration Assistance
AutoCAD 2010 - English
AutoCAD 2010 Language Pack - English
AutoCAD Land Development Desktop 2i
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
Bonjour
Browser Defender 4.0
Chief Architect X2
Color LaserJet 1600
Connect
Debut Video Capture Software
Download Manager
DV Studio3
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
DVDVideoSoftTB Toolbar
Easy DV to DVD
EPSON Printer Software
EPSON Scan
Fast Search
Free Video to MP3 Converter version 5.0.2.1125
Google Chrome
Google Earth Plug-in
Google Update Helper
HashCheck Shell Extension (x86-32)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
I Want This
iTunes
Java Auto Updater
Java(TM) 6 Update 23
K-Lite Mega Codec Pack 5.2.0
kuler
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
MotoHelper 2.0.24 Driver 4.7.1
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.0.0
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nView Desktop Manager
NVIDIA Performance
NVIDIA System Monitor
NVIDIA System Update
Open Command Prompt Shell Extension (x86-32)
PACE System Files
PC Tools Spyware Doctor 9.0
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
QuickBooks
QuickBooks Pro 2010
QuickBooks Product Listing Service
QuickTime
QuickTime Alternative 3.0.0
Realtek High Definition Audio Driver
RebateRobot for Online Shopping version 1.0.2
Replay Music
Safari
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sophocles 2003 (Remove Only)
Spotify
Style Jukebox (Beta)
Suite Shared Configuration CS4
Super Mp3 Recorder 2.5
SupportSoft Assisted Service
SureThing CD Labeler LightScribe Trial 5
Unlocker 1.8.7
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
User Profile Hive Cleanup Service
WAV to MP3 Encoder
WebFldrs XP
WinAVI Video Capture 2.0
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WMA MP3 Converter v4.3 build 1489
X2X Free MP3 Converter 3.1
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
3/2/2012 8:50:22 PM, error: SR [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'local.conf' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/2/2012 12:21:44 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
3/2/2012 11:48:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi
3/2/2012 11:25:35 AM, error: PlugPlayManager [11] - The device Root\LEGACY_CATCHME\0000 disappeared from the system without first being prepared for removal.
2/27/2012 9:54:35 AM, error: Service Control Manager [7034] - The ThreatFire service terminated unexpectedly. It has done this 1 time(s).
2/27/2012 4:04:01 PM, error: PCTCore [280] - The item store is corrupted: @5512.
2/27/2012 4:03:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon
2/27/2012 4:00:45 PM, error: Service Control Manager [7000] - The PC Tools Browser Defender Driver service failed to start due to the following error: The system cannot find message text for message number 0x%1 in the message file for %2.
2/27/2012 4:00:36 PM, error: Service Control Manager [7000] - The PC Tools Spyware Doctor Driver service failed to start due to the following error: The system cannot find message text for message number 0x%1 in the message file for %2.
2/27/2012 3:59:32 PM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
.
==== End Of File ===========================
 
And the DDS.txt file:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Owner at 6:42:55 on 2012-03-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2416 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\gmer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Download Manager\DownloadManager.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
BHO: RebateRobot BHO: {66616350-a70c-4ff5-912e-a92b8076f6f7} - c:\program files\rebaterobot\RebateRobot.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Download Manager: {e5c66dd8-308b-4a4f-af0a-3d04f25b5343} - mscoree.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DownloadManager] "c:\program files\download manager\DownloadManager.exe" /as
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAxADkAMwA2ADMAOQA4ADkALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMgAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAC0ARABEAFQAKwA0ADkANAAwADQALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEEAVAArADMALQBGADkAMABNADEAMgBBACsAMQAtAEYAOQAwAE0AMQAyAEEAQgArADEALQBVADkANQArADEALQBGADkAMABNADEAMgBBAFQAQgBOACsAMQAtAEYAVQBJACsAMgA"&"prod=90"&"ver=9.0.894
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{57D9B49F-9F74-4830-BDE9-39538E21FEBA} : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2007\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 87.229.126.50 www.google.com
Hosts: 87.229.126.51 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\wykhr570.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PHPNukeEN Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2086743&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111124&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\mozilla firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: FreeSoundRecorder Community Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - %profile%\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-6-24 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-6-24 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-6-24 909728]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-2-27 54328]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-2-27 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-6-24 253352]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-2-27 185560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-6-24 546768]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-2 652360]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-1-27 226624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-2 20464]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-2-27 56840]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-10-19 9472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-19 136176]
S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2011-10-2 6016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-19 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-10-2 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-10-2 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2011-10-2 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-10-2 9472]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-6-24 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-6-24 402336]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-6-24 1117624]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-2-27 35264]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-03-02 16:25:25 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-03-02 16:25:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-02 16:25:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 16:25:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-29 20:26:22 -------- d-s---w- C:\ComboFix
2012-02-29 19:18:29 208896 ----a-w- c:\windows\MBR.exe
2012-02-29 19:18:28 98816 ----a-w- c:\windows\sed.exe
2012-02-29 19:18:28 518144 ----a-w- c:\windows\SWREG.exe
2012-02-29 19:18:28 256000 ----a-w- c:\windows\PEV.exe
2012-02-29 17:42:33 -------- d-----w- c:\program files\Download Manager
2012-02-29 17:42:32 -------- d-----w- c:\documents and settings\owner\local settings\application data\DownloadManager
2012-02-29 17:42:24 -------- d-----w- c:\program files\Surf Canyon
2012-02-29 17:42:20 -------- d-----w- C:\skin
2012-02-29 17:42:20 -------- d-----w- c:\program files\RebateRobot
2012-02-29 17:42:20 -------- d-----w- C:\defaults
2012-02-29 17:42:20 -------- d-----w- C:\content
2012-02-29 17:42:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\I Want This
2012-02-29 17:41:37 -------- d-----w- c:\program files\I Want This
2012-02-27 21:04:45 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-02-27 21:04:45 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-02-27 21:04:45 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-02-27 21:00:39 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-02-27 21:00:19 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-27 21:00:19 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-02-27 20:58:14 -------- d-----w- c:\documents and settings\owner\application data\TestApp
2012-02-10 19:59:00 45056 ----a-w- c:\windows\scluins1.exe
2012-02-10 19:59:00 36864 ----a-w- c:\windows\smon03.exe
2012-02-10 19:58:59 -------- d-----w- c:\program files\Sophocles
.
==================== Find3M ====================
.
2012-02-27 20:31:26 1182680 ----a-w- c:\windows\system32\drivers\TfKbMon.sys.old
2012-01-16 21:28:50 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-01-16 21:28:48 2246608 ----a-w- c:\windows\PCTBDCore.dll
2012-01-16 21:28:48 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-01-16 21:28:28 767952 ----a-w- c:\windows\BDTSupport.dll
2012-01-11 21:19:24 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-01-11 21:14:30 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-12-23 12:51:25 50704 ----a-w- c:\windows\system32\drivers\npf.sys
1997-07-22 00:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 08:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 17:06:50 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 17:06:50 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 17:06:50 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
============= FINISH: 6:44:03.85 ===============
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
It needed to reboot - and when it did my monitor settings were defaulted to 800x600. I reset back to 1280x1040 - but it doesn't look right and there are bugs when I scroll.

Here's the logfile for TDSS:


14:27:48.0890 4004 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
14:27:49.0234 4004 ============================================================
14:27:49.0234 4004 Current date / time: 2012/03/03 14:27:49.0234
14:27:49.0234 4004 SystemInfo:
14:27:49.0234 4004
14:27:49.0234 4004 OS Version: 5.1.2600 ServicePack: 3.0
14:27:49.0234 4004 Product type: Workstation
14:27:49.0234 4004 ComputerName: STEVE
14:27:49.0234 4004 UserName: Owner
14:27:49.0234 4004 Windows directory: C:\WINDOWS
14:27:49.0234 4004 System windows directory: C:\WINDOWS
14:27:49.0234 4004 Processor architecture: Intel x86
14:27:49.0234 4004 Number of processors: 4
14:27:49.0234 4004 Page size: 0x1000
14:27:49.0234 4004 Boot type: Normal boot
14:27:49.0234 4004 ============================================================
14:27:50.0218 4004 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:27:50.0296 4004 Drive \Device\Harddisk1\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:27:54.0640 4004 \Device\Harddisk0\DR0:
14:27:54.0656 4004 MBR used
14:27:54.0656 4004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x249F16E6
14:27:54.0671 4004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x249F1764, BlocksNum 0x25E6189C
14:27:54.0671 4004 \Device\Harddisk1\DR3:
14:27:54.0671 4004 MBR used
14:27:54.0671 4004 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
14:27:54.0671 4004 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE2B, BlocksNum 0xDBF9C96
14:27:54.0937 4004 Initialize success
14:27:54.0937 4004 ============================================================
14:27:57.0140 3020 ============================================================
14:27:57.0140 3020 Scan started
14:27:57.0140 3020 Mode: Manual;
14:27:57.0140 3020 ============================================================
14:27:58.0515 3020 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
14:27:58.0515 3020 61883 - ok
14:27:59.0562 3020 Abiosdsk - ok
14:28:00.0609 3020 abp480n5 - ok
14:28:01.0656 3020 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:28:01.0656 3020 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
14:28:01.0656 3020 ACPI ( Virus.Win32.Rloader.a ) - infected
14:28:01.0656 3020 ACPI - detected Virus.Win32.Rloader.a (0)
14:28:02.0718 3020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:28:02.0718 3020 ACPIEC - ok
14:28:03.0765 3020 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
14:28:03.0765 3020 adfs - ok
14:28:04.0812 3020 adpu160m - ok
14:28:05.0875 3020 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:28:05.0875 3020 aec - ok
14:28:06.0953 3020 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
14:28:06.0953 3020 AFD - ok
14:28:08.0046 3020 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:28:08.0078 3020 AgereSoftModem - ok
14:28:09.0109 3020 Aha154x - ok
14:28:10.0140 3020 aic78u2 - ok
14:28:11.0171 3020 aic78xx - ok
14:28:12.0234 3020 aksfridge (9e989429631a0588c60c430fd7db7576) C:\WINDOWS\system32\drivers\aksfridge.sys
14:28:12.0234 3020 aksfridge - ok
14:28:13.0281 3020 AliIde - ok
14:28:14.0312 3020 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
14:28:14.0312 3020 AmdPPM - ok
14:28:15.0390 3020 amsint - ok
14:28:16.0453 3020 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:28:16.0468 3020 Arp1394 - ok
14:28:17.0500 3020 asc - ok
14:28:18.0515 3020 asc3350p - ok
14:28:19.0546 3020 asc3550 - ok
14:28:20.0625 3020 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:28:20.0625 3020 AsyncMac - ok
14:28:21.0671 3020 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:28:21.0671 3020 atapi - ok
14:28:22.0718 3020 Atdisk - ok
14:28:23.0859 3020 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:28:23.0875 3020 Atmarpc - ok
14:28:27.0531 3020 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:28:27.0562 3020 audstub - ok
14:28:31.0078 3020 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
14:28:31.0093 3020 Avc - ok
14:28:34.0484 3020 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:28:34.0500 3020 Beep - ok
14:28:38.0015 3020 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
14:28:38.0031 3020 BTCFilterService - ok
14:28:39.0765 3020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:28:39.0765 3020 cbidf2k - ok
14:28:40.0828 3020 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:28:40.0828 3020 CCDECODE - ok
14:28:41.0828 3020 cd20xrnt - ok
14:28:42.0843 3020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:28:42.0843 3020 Cdaudio - ok
14:28:43.0859 3020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:28:43.0859 3020 Cdfs - ok
14:28:44.0875 3020 Cdrom - ok
14:28:45.0875 3020 Changer - ok
14:28:46.0890 3020 CmdIde - ok
14:28:47.0921 3020 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:28:47.0921 3020 Compbatt - ok
14:28:48.0937 3020 Cpqarray - ok
14:28:49.0937 3020 dac2w2k - ok
14:28:50.0937 3020 dac960nt - ok
14:28:52.0000 3020 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
14:28:52.0000 3020 Disk - ok
14:28:53.0031 3020 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:28:53.0046 3020 dmboot - ok
14:28:54.0078 3020 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:28:54.0093 3020 dmio - ok
14:28:55.0156 3020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:28:55.0156 3020 dmload - ok
14:28:56.0187 3020 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:28:56.0187 3020 DMusic - ok
14:28:57.0218 3020 dpti2o - ok
14:28:58.0234 3020 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:28:58.0234 3020 drmkaud - ok
14:28:59.0250 3020 DumpDrv (b327281012b48bd73f587799f9f29be2) C:\WINDOWS\system32\drivers\DumpDrv.sys
14:28:59.0250 3020 DumpDrv - ok
14:29:00.0281 3020 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
14:29:00.0281 3020 exFat - ok
14:29:01.0312 3020 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:29:01.0312 3020 Fastfat - ok
14:29:02.0406 3020 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:29:02.0406 3020 Fdc - ok
14:29:03.0453 3020 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:29:03.0453 3020 Fips - ok
14:29:04.0468 3020 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:29:04.0484 3020 Flpydisk - ok
14:29:05.0531 3020 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:29:05.0531 3020 FltMgr - ok
14:29:06.0531 3020 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:29:06.0531 3020 Fs_Rec - ok
14:29:07.0546 3020 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:29:07.0546 3020 Ftdisk - ok
14:29:08.0562 3020 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:29:08.0562 3020 GEARAspiWDM - ok
14:29:09.0578 3020 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:29:09.0578 3020 Gpc - ok
14:29:10.0968 3020 Hardlock (c03718f2b954972a40ad75e22d159f9f) C:\WINDOWS\system32\drivers\hardlock.sys
14:29:11.0000 3020 Hardlock - ok
14:29:14.0484 3020 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:29:14.0500 3020 HDAudBus - ok
14:29:18.0015 3020 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
14:29:18.0015 3020 HidBatt - ok
14:29:21.0531 3020 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:29:21.0546 3020 hidusb - ok
14:29:24.0015 3020 hpn - ok
14:29:25.0328 3020 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:29:25.0343 3020 HTTP - ok
14:29:26.0328 3020 i2omgmt - ok
14:29:27.0312 3020 i2omp - ok
14:29:28.0328 3020 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:29:28.0328 3020 i8042prt - ok
14:29:29.0343 3020 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:30:34.0109 3020 nv (41bfbf7108f4422c0d420804ba6254d8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:30:34.0265 3020 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: 41bfbf7108f4422c0d420804ba6254d8, Fake md5: a05d99cbf55eb493c9e82b4bca848ef5
14:30:34.0296 3020 nv ( ForgedFile.Multi.Generic ) - warning
14:30:34.0296 3020 nv - detected ForgedFile.Multi.Generic (1)
14:32:44.0250 3020 ============================================================
14:32:44.0250 3020 Scan finished
14:32:44.0250 3020 ============================================================
14:32:44.0265 3844 Detected object count: 2
14:32:44.0265 3844 Actual detected object count: 2
14:55:13.0171 3844 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
14:56:54.0828 3844 Backup copy found, using it..
14:56:54.0828 3844 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
14:56:54.0828 3844 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
14:57:01.0015 3844 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - copied to quarantine
14:57:01.0015 3844 HKLM\SYSTEM\ControlSet001\services\nv - will be deleted on reboot
14:57:01.0015 3844 HKLM\SYSTEM\ControlSet002\services\nv - will be deleted on reboot
14:57:01.0015 3844 HKLM\SYSTEM\ControlSet003\services\nv - will be deleted on reboot
14:57:01.0015 3844 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - will be deleted on reboot
14:57:01.0015 3844 nv ( ForgedFile.Multi.Generic ) - User select action: Delete
15:51:06.0890 3332 Deinitialize success
 
but it doesn't look right and there are bugs when I scroll.
Since I'm not there you'll have to provide more details.

It looks like your video card driver was infected and TDSSKiller was forced to delete a couple of files.
You may need to reinstall the video driver BUT don't do it yet. I'll let you know when.

Re-run TDSSKiller and post a new log.
 
It's hard to describe - but it's like the view sticks then catches up with itself when I scroll - or move an open software window across the screen.

New TDSS showed no threats - but still have the Google redirect virus.

17:14:19.0718 4092 nvoclock (96c5900331bd17344f338d006888bae5) C:\WINDOWS\system32\DRIVERS\nvoclock.sys
17:14:19.0734 4092 nvoclock - ok
17:14:20.0734 4092 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
17:14:20.0750 4092 nvsmu - ok
17:14:21.0750 4092 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:14:21.0750 4092 NwlnkFlt - ok
17:14:22.0750 4092 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:14:22.0750 4092 NwlnkFwd - ok
17:14:23.0750 4092 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:14:23.0750 4092 ohci1394 - ok
17:14:24.0828 4092 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:14:24.0828 4092 Parport - ok
17:14:25.0843 4092 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:14:25.0843 4092 PartMgr - ok
17:14:26.0875 4092 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:14:26.0875 4092 ParVdm - ok
17:14:27.0890 4092 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:14:27.0890 4092 PCI - ok
17:14:28.0890 4092 PCIDump - ok
17:14:29.0906 4092 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:14:29.0906 4092 PCIIde - ok
17:14:30.0921 4092 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:14:30.0921 4092 Pcmcia - ok
17:14:31.0921 4092 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
17:14:31.0921 4092 pcouffin - ok
17:14:32.0921 4092 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
17:14:32.0921 4092 PCTBD - ok
17:14:33.0953 4092 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys
17:14:33.0953 4092 PCTCore - ok
17:14:34.0984 4092 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\WINDOWS\system32\drivers\pctDS.sys
17:14:35.0000 4092 pctDS - ok
17:14:36.0046 4092 pctEFA (653d8079cc000ec454789740a07b84a8) C:\WINDOWS\system32\drivers\pctEFA.sys
17:14:36.0062 4092 pctEFA - ok
17:14:37.0093 4092 pctgntdi (00bfb1452ed8bb69fd135eb6a682303e) C:\WINDOWS\system32\drivers\pctgntdi.sys
17:14:37.0093 4092 pctgntdi - ok
17:14:38.0093 4092 pctplsg (9e68be6aadbc3d688bac161f28af0ce0) C:\WINDOWS\system32\drivers\pctplsg.sys
17:14:38.0093 4092 pctplsg - ok
17:14:39.0125 4092 PCTSD (ec49993baa9a86adf1cb6fa1cd895882) C:\WINDOWS\system32\Drivers\PCTSD.sys
17:14:39.0125 4092 PCTSD - ok
17:14:40.0109 4092 PDCOMP - ok
17:14:41.0109 4092 PDFRAME - ok
17:14:42.0093 4092 PDRELI - ok
17:14:43.0109 4092 PDRFRAME - ok
17:14:44.0093 4092 perc2 - ok
17:14:45.0062 4092 perc2hib - ok
17:14:46.0125 4092 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:14:46.0140 4092 PptpMiniport - ok
17:14:47.0140 4092 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:14:47.0140 4092 Processor - ok
17:14:48.0171 4092 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
17:14:48.0171 4092 PSched - ok
17:14:49.0203 4092 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:14:49.0203 4092 Ptilink - ok
17:14:50.0218 4092 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:14:50.0218 4092 PxHelp20 - ok
17:14:51.0218 4092 ql1080 - ok
17:14:52.0203 4092 Ql10wnt - ok
17:14:53.0187 4092 ql12160 - ok
17:14:54.0187 4092 ql1240 - ok
17:14:55.0156 4092 ql1280 - ok
17:14:56.0171 4092 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:14:56.0171 4092 RasAcd - ok
17:14:57.0171 4092 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:14:57.0171 4092 Rasl2tp - ok
17:14:58.0171 4092 RasPppoe (2c9d4620a0fd35de1828370b392f6e2d) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:14:58.0171 4092 RasPppoe - ok
17:14:59.0156 4092 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:14:59.0171 4092 Raspti - ok
17:15:00.0156 4092 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:15:00.0171 4092 Rdbss - ok
17:15:01.0171 4092 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:15:01.0171 4092 RDPCDD - ok
17:15:02.0187 4092 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:15:02.0187 4092 rdpdr - ok
17:15:03.0203 4092 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
17:15:03.0203 4092 RDPWD - ok
17:15:04.0250 4092 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:15:04.0250 4092 redbook - ok
17:15:05.0312 4092 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
17:15:05.0312 4092 rspndr - ok
17:15:06.0406 4092 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:15:06.0406 4092 Secdrv - ok
17:15:07.0453 4092 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
17:15:07.0453 4092 Serial - ok
17:15:08.0484 4092 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:15:08.0484 4092 Sfloppy - ok
17:15:09.0531 4092 Simbad - ok
17:15:10.0546 4092 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:15:10.0546 4092 SLIP - ok
17:15:11.0531 4092 Sparrow - ok
17:15:12.0546 4092 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:15:12.0546 4092 splitter - ok
17:15:13.0546 4092 SR (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:15:13.0546 4092 SR - ok
17:15:14.0546 4092 Srv (70cd8b8dd2a680b128617c19eb0ab94f) C:\WINDOWS\system32\DRIVERS\srv.sys
17:15:14.0546 4092 Srv - ok
17:15:15.0593 4092 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:15:15.0593 4092 streamip - ok
17:15:16.0578 4092 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:15:16.0578 4092 swenum - ok
17:15:17.0546 4092 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:15:17.0546 4092 swmidi - ok
17:15:18.0515 4092 symc810 - ok
17:15:19.0500 4092 symc8xx - ok
17:15:20.0453 4092 sym_hi - ok
17:15:21.0421 4092 sym_u3 - ok
17:15:22.0484 4092 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:15:22.0484 4092 sysaudio - ok
17:15:23.0468 4092 Tcpip (ba8c046d98345129723e6bcaa1e8ab99) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:15:23.0468 4092 Tcpip - ok
17:15:24.0468 4092 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:15:24.0468 4092 TDPIPE - ok
17:15:25.0437 4092 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
17:15:25.0437 4092 TDTCP - ok
17:15:26.0453 4092 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:15:26.0453 4092 TermDD - ok
17:15:27.0421 4092 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\WINDOWS\system32\drivers\TfFsMon.sys
17:15:27.0421 4092 TfFsMon - ok
17:15:28.0406 4092 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\WINDOWS\system32\drivers\TfNetMon.sys
17:15:28.0406 4092 TfNetMon - ok
17:15:29.0390 4092 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\WINDOWS\system32\drivers\TfSysMon.sys
17:15:29.0390 4092 TFSysMon - ok
17:15:30.0437 4092 TosIde - ok
17:15:31.0484 4092 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:15:31.0484 4092 Udfs - ok
17:15:32.0453 4092 ultra - ok
17:15:33.0468 4092 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:15:33.0484 4092 Update - ok
17:15:34.0562 4092 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:15:34.0562 4092 usbccgp - ok
17:15:35.0593 4092 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:15:35.0593 4092 usbehci - ok
17:15:36.0656 4092 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:15:36.0656 4092 usbhub - ok
17:15:37.0718 4092 usbohci (c5e11cd822adf0019a5a862d9c4e2222) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:15:37.0718 4092 usbohci - ok
17:15:38.0781 4092 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:15:38.0781 4092 usbprint - ok
17:15:39.0812 4092 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:15:39.0812 4092 usbscan - ok
17:15:40.0812 4092 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:15:40.0812 4092 usbstor - ok
17:15:41.0859 4092 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:15:41.0859 4092 VgaSave - ok
17:15:42.0875 4092 ViaIde - ok
17:15:43.0906 4092 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:15:43.0906 4092 VolSnap - ok
17:15:44.0968 4092 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:15:44.0968 4092 Wanarp - ok
17:15:46.0000 4092 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:15:46.0000 4092 Wdf01000 - ok
17:15:47.0015 4092 WDICA - ok
17:15:48.0046 4092 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:15:48.0062 4092 wdmaud - ok
17:15:49.0156 4092 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:15:49.0156 4092 WmiAcpi - ok
17:15:50.0218 4092 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:15:50.0218 4092 WpdUsb - ok
17:15:51.0250 4092 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:15:51.0250 4092 WS2IFSL - ok
17:15:52.0312 4092 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:15:52.0312 4092 WSTCODEC - ok
17:15:53.0343 4092 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:15:53.0343 4092 WudfPf - ok
17:15:54.0343 4092 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:15:54.0343 4092 WudfRd - ok
17:15:54.0406 4092 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:15:54.0515 4092 \Device\Harddisk0\DR0 - ok
17:15:54.0515 4092 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR3
17:15:54.0531 4092 \Device\Harddisk1\DR3 - ok
17:15:54.0531 4092 Boot (0x1200) (6d7e3ed55b7b1b815cf0f6e375267edc) \Device\Harddisk0\DR0\Partition0
17:15:54.0531 4092 \Device\Harddisk0\DR0\Partition0 - ok
17:15:54.0562 4092 Boot (0x1200) (979bca325decd09ae91d89eb5e3e54ac) \Device\Harddisk0\DR0\Partition1
17:15:54.0562 4092 \Device\Harddisk0\DR0\Partition1 - ok
17:15:54.0578 4092 Boot (0x1200) (97b3028df63198007580e6e29a887bda) \Device\Harddisk1\DR3\Partition0
17:15:54.0578 4092 \Device\Harddisk1\DR3\Partition0 - ok
17:15:54.0578 4092 Boot (0x1200) (0d106295603ec532a695b5ad97b2e6db) \Device\Harddisk1\DR3\Partition1
17:15:54.0593 4092 \Device\Harddisk1\DR3\Partition1 - ok
17:15:54.0593 4092 ============================================================
17:15:54.0593 4092 Scan finished
17:15:54.0593 4092 ============================================================
17:15:54.0609 2232 Detected object count: 0
17:15:54.0609 2232 Actual detected object count: 0
17:21:50.0406 2840 ============================================================
17:21:50.0406 2840 Scan started
17:21:50.0406 2840 Mode: Manual;
17:21:50.0406 2840 ============================================================
17:21:51.0718 2840 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
17:21:51.0718 2840 61883 - ok
17:21:52.0750 2840 Abiosdsk - ok
17:21:53.0796 2840 abp480n5 - ok
17:21:54.0875 2840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tsk1D.tmp
17:21:54.0875 2840 ACPI - ok
17:21:55.0921 2840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:21:55.0921 2840 ACPIEC - ok
17:21:56.0968 2840 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
17:21:56.0968 2840 adfs - ok
17:21:58.0031 2840 adpu160m - ok
17:21:59.0109 2840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:21:59.0109 2840 aec - ok
17:22:00.0171 2840 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
17:22:00.0171 2840 AFD - ok
17:22:01.0234 2840 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:22:01.0234 2840 AgereSoftModem - ok
17:22:02.0281 2840 Aha154x - ok
17:22:03.0312 2840 aic78u2 - ok
17:22:04.0359 2840 aic78xx - ok
17:22:05.0437 2840 aksfridge (9e989429631a0588c60c430fd7db7576) C:\WINDOWS\system32\drivers\aksfridge.sys
17:22:05.0437 2840 aksfridge - ok
17:22:06.0500 2840 AliIde - ok
17:22:07.0546 2840 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
17:22:07.0546 2840 AmdPPM - ok
17:22:08.0593 2840 amsint - ok
17:22:09.0656 2840 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:22:09.0656 2840 Arp1394 - ok
17:22:10.0687 2840 asc - ok
17:22:11.0718 2840 asc3350p - ok
17:22:12.0765 2840 asc3550 - ok
17:22:13.0859 2840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:22:13.0859 2840 AsyncMac - ok
17:22:14.0890 2840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:22:14.0890 2840 atapi - ok
17:22:15.0937 2840 Atdisk - ok
17:22:17.0015 2840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:22:17.0015 2840 Atmarpc - ok
17:22:18.0062 2840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:22:18.0062 2840 audstub - ok
17:22:19.0125 2840 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
17:22:19.0125 2840 Avc - ok
17:22:20.0171 2840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:22:20.0171 2840 Beep - ok
17:22:21.0281 2840 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
17:22:21.0281 2840 BTCFilterService - ok
17:22:22.0312 2840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:22:22.0312 2840 cbidf2k - ok
17:22:23.0390 2840 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:22:23.0390 2840 CCDECODE - ok
17:22:24.0437 2840 cd20xrnt - ok
17:22:25.0468 2840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:22:25.0468 2840 Cdaudio - ok
17:22:26.0578 2840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:22:26.0578 2840 Cdfs - ok
17:22:27.0609 2840 Cdrom - ok
17:22:28.0656 2840 Changer - ok
17:22:29.0750 2840 CmdIde - ok
17:22:30.0812 2840 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:22:30.0812 2840 Compbatt - ok
17:22:31.0890 2840 Cpqarray - ok
17:22:32.0953 2840 dac2w2k - ok
17:22:33.0984 2840 dac960nt - ok
17:22:35.0078 2840 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
17:22:35.0078 2840 Disk - ok
17:22:36.0140 2840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:22:36.0140 2840 dmboot - ok
17:22:37.0203 2840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:22:37.0203 2840 dmio - ok
17:22:38.0265 2840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:22:38.0265 2840 dmload - ok
17:22:39.0296 2840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:22:39.0312 2840 DMusic - ok
17:22:40.0390 2840 dpti2o - ok
17:22:41.0453 2840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:22:41.0453 2840 drmkaud - ok
17:22:42.0500 2840 DumpDrv (b327281012b48bd73f587799f9f29be2) C:\WINDOWS\system32\drivers\DumpDrv.sys
17:22:42.0500 2840 DumpDrv - ok
17:22:43.0593 2840 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
17:22:43.0593 2840 exFat - ok
17:22:44.0640 2840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:22:44.0640 2840 Fastfat - ok
17:22:45.0703 2840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:22:45.0703 2840 Fdc - ok
17:22:46.0734 2840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:22:46.0734 2840 Fips - ok
17:22:47.0796 2840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:22:47.0796 2840 Flpydisk - ok
17:22:48.0875 2840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:22:48.0875 2840 FltMgr - ok
17:22:49.0953 2840 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:22:49.0953 2840 Fs_Rec - ok
17:22:51.0015 2840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:22:51.0015 2840 Ftdisk - ok
17:22:52.0093 2840 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:22:52.0093 2840 GEARAspiWDM - ok
17:22:53.0156 2840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:22:53.0156 2840 Gpc - ok
17:22:54.0218 2840 Hardlock (c03718f2b954972a40ad75e22d159f9f) C:\WINDOWS\system32\drivers\hardlock.sys
17:22:54.0218 2840 Hardlock - ok
17:22:55.0296 2840 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:22:55.0296 2840 HDAudBus - ok
17:22:56.0359 2840 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
17:22:56.0359 2840 HidBatt - ok
17:22:57.0421 2840 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:22:57.0421 2840 hidusb - ok
17:22:58.0437 2840 hpn - ok
17:22:59.0515 2840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:22:59.0515 2840 HTTP - ok
17:23:00.0562 2840 i2omgmt - ok
17:23:01.0593 2840 i2omp - ok
17:23:02.0656 2840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:23:02.0656 2840 i8042prt - ok
17:23:03.0734 2840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:23:03.0734 2840 Imapi - ok
17:23:04.0781 2840 ini910u - ok
17:23:05.0953 2840 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:23:05.0984 2840 IntcAzAudAddService - ok
17:23:07.0046 2840 IntelIde - ok
17:23:08.0093 2840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:23:08.0109 2840 Ip6Fw - ok
17:23:09.0140 2840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:23:09.0140 2840 IpFilterDriver - ok
17:23:10.0187 2840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:23:10.0187 2840 IpInIp - ok
17:23:11.0234 2840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:23:11.0234 2840 IpNat - ok
17:23:12.0265 2840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:23:12.0265 2840 IPSec - ok
17:23:13.0328 2840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:23:13.0328 2840 IRENUM - ok
17:23:14.0375 2840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:23:14.0375 2840 isapnp - ok
17:23:15.0437 2840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:23:15.0437 2840 Kbdclass - ok
17:23:16.0500 2840 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:23:16.0500 2840 kbdhid - ok
17:23:17.0546 2840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:23:17.0546 2840 kmixer - ok
17:23:18.0578 2840 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
17:23:18.0578 2840 KMWDFILTER - ok
17:23:19.0609 2840 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
17:23:19.0609 2840 KSecDD - ok
17:23:20.0656 2840 lbrtfdc - ok
17:23:21.0781 2840 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:23:21.0781 2840 MBAMProtector - ok
17:23:22.0859 2840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:23:22.0859 2840 Modem - ok
17:23:23.0906 2840 motccgp (1088f75c09ebb0a8b0f13b886fd67c52) C:\WINDOWS\system32\DRIVERS\motccgp.sys
17:23:23.0906 2840 motccgp - ok
17:23:24.0937 2840 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
17:23:24.0937 2840 motccgpfl - ok
17:23:26.0000 2840 motmodem (8f408e9ed2feb8a8b8837c380faf7ad6) C:\WINDOWS\system32\DRIVERS\motmodem.sys
17:23:26.0000 2840 motmodem - ok
17:23:27.0062 2840 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
17:23:27.0062 2840 MotoSwitchService - ok
17:23:28.0125 2840 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
17:23:28.0125 2840 Motousbnet - ok
17:23:29.0171 2840 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
17:23:29.0171 2840 motusbdevice - ok
17:23:30.0234 2840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:23:30.0234 2840 Mouclass - ok
17:23:31.0296 2840 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:23:31.0296 2840 mouhid - ok
17:23:32.0328 2840 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys
17:23:32.0328 2840 MountMgr - ok
17:23:33.0375 2840 mraid35x - ok
17:23:34.0437 2840 MRxDAV (6a7c4ac5b52155115dee97995c1cf157) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:23:34.0437 2840 MRxDAV - ok
17:23:35.0484 2840 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:23:35.0484 2840 MRxSmb - ok
17:23:36.0578 2840 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
17:23:36.0578 2840 MSDV - ok
17:23:37.0609 2840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:23:37.0609 2840 Msfs - ok
17:23:38.0671 2840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:23:38.0671 2840 MSKSSRV - ok
17:23:39.0734 2840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:23:39.0734 2840 MSPCLOCK - ok
17:23:40.0765 2840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:23:40.0765 2840 MSPQM - ok
17:23:41.0796 2840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:23:41.0796 2840 mssmbios - ok
17:23:42.0843 2840 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:23:42.0843 2840 MSTEE - ok
17:23:43.0906 2840 MTDVC2 (cd3c06f56104bac9268587bf1c25a84c) C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys
17:23:43.0906 2840 MTDVC2 - ok
17:23:44.0937 2840 MTDVC2_ENUM (a25b4cec85388f2e88567b4d629aa6e4) C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys
17:23:44.0937 2840 MTDVC2_ENUM - ok
17:23:45.0984 2840 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
17:23:45.0984 2840 Mup - ok
17:23:47.0031 2840 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:23:47.0046 2840 NABTSFEC - ok
17:23:48.0093 2840 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys
17:23:48.0093 2840 NDIS - ok
17:23:49.0156 2840 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:23:49.0156 2840 NdisIP - ok
17:23:50.0171 2840 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:23:50.0171 2840 NdisTapi - ok
17:23:51.0187 2840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:23:51.0187 2840 Ndisuio - ok
17:23:52.0203 2840 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:23:52.0203 2840 NdisWan - ok
17:23:53.0187 2840 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:23:53.0187 2840 NDProxy - ok
17:23:54.0187 2840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:23:54.0187 2840 NetBIOS - ok
17:23:55.0218 2840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:23:55.0218 2840 NetBT - ok
17:23:56.0265 2840 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:23:56.0265 2840 NIC1394 - ok
17:23:57.0312 2840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:23:57.0312 2840 Npfs - ok
17:23:58.0328 2840 Ntfs (ae8cad8f28db13b515a68510a539b0b8) C:\WINDOWS\system32\drivers\Ntfs.sys
17:23:58.0328 2840 Ntfs - ok
17:23:59.0390 2840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:23:59.0390 2840 Null - ok
17:24:00.0375 2840 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:24:00.0375 2840 NVENETFD - ok
17:24:01.0421 2840 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:24:01.0421 2840 nvnetbus - ok
17:24:02.0453 2840 nvoclock (96c5900331bd17344f338d006888bae5) C:\WINDOWS\system32\DRIVERS\nvoclock.sys
17:24:02.0453 2840 nvoclock - ok
17:24:03.0484 2840 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
17:24:03.0484 2840 nvsmu - ok
17:24:04.0531 2840 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:24:04.0531 2840 NwlnkFlt - ok
17:24:05.0562 2840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:24:05.0562 2840 NwlnkFwd - ok
17:24:06.0609 2840 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:24:06.0609 2840 ohci1394 - ok
17:24:07.0671 2840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:24:07.0671 2840 Parport - ok
17:24:08.0734 2840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:24:08.0750 2840 PartMgr - ok
17:24:09.0796 2840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:24:09.0796 2840 ParVdm - ok
17:24:10.0828 2840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:24:10.0828 2840 PCI - ok
17:24:11.0843 2840 PCIDump - ok
17:24:12.0921 2840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:24:12.0921 2840 PCIIde - ok
17:24:13.0984 2840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:24:14.0000 2840 Pcmcia - ok
17:24:15.0046 2840 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
17:24:15.0046 2840 pcouffin - ok
17:24:16.0078 2840 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
17:24:16.0078 2840 PCTBD - ok
17:24:17.0125 2840 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys
17:24:17.0125 2840 PCTCore - ok
17:24:18.0187 2840 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\WINDOWS\system32\drivers\pctDS.sys
17:24:18.0187 2840 pctDS - ok
17:24:19.0250 2840 pctEFA (653d8079cc000ec454789740a07b84a8) C:\WINDOWS\system32\drivers\pctEFA.sys
17:24:19.0250 2840 pctEFA - ok
17:24:20.0328 2840 pctgntdi (00bfb1452ed8bb69fd135eb6a682303e) C:\WINDOWS\system32\drivers\pctgntdi.sys
17:24:20.0343 2840 pctgntdi - ok
17:24:21.0375 2840 pctplsg (9e68be6aadbc3d688bac161f28af0ce0) C:\WINDOWS\system32\drivers\pctplsg.sys
17:24:21.0375 2840 pctplsg - ok
17:24:22.0437 2840 PCTSD (ec49993baa9a86adf1cb6fa1cd895882) C:\WINDOWS\system32\Drivers\PCTSD.sys
17:24:22.0437 2840 PCTSD - ok
17:24:23.0437 2840 PDCOMP - ok
17:24:24.0468 2840 PDFRAME - ok
17:25:40.0656 2840 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:25:40.0765 2840 \Device\Harddisk0\DR0 - ok
17:25:40.0781 2840 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR3
17:25:40.0781 2840 \Device\Harddisk1\DR3 - ok
17:25:40.0796 2840 Boot (0x1200) (6d7e3ed55b7b1b815cf0f6e375267edc) \Device\Harddisk0\DR0\Partition0
17:25:40.0796 2840 \Device\Harddisk0\DR0\Partition0 - ok
17:25:40.0812 2840 Boot (0x1200) (979bca325decd09ae91d89eb5e3e54ac) \Device\Harddisk0\DR0\Partition1
17:25:40.0828 2840 \Device\Harddisk0\DR0\Partition1 - ok
17:25:40.0828 2840 Boot (0x1200) (97b3028df63198007580e6e29a887bda) \Device\Harddisk1\DR3\Partition0
17:25:40.0828 2840 \Device\Harddisk1\DR3\Partition0 - ok
17:25:40.0843 2840 Boot (0x1200) (0d106295603ec532a695b5ad97b2e6db) \Device\Harddisk1\DR3\Partition1
17:25:40.0843 2840 \Device\Harddisk1\DR3\Partition1 - ok
17:25:40.0843 2840 ============================================================
17:25:40.0843 2840 Scan finished
17:25:40.0843 2840 ============================================================
17:25:40.0875 3336 Detected object count: 0
17:25:40.0875 3336 Actual detected object count: 0
 
I'm pretty sure you'll have to reinstall video drivers.
Couple more steps before we'll be ready to do it.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2012-03-03 22:17:06
-----------------------------
22:17:06.984 OS Version: Windows 5.1.2600 Service Pack 3
22:17:06.984 Number of processors: 4 586 0x502
22:17:06.984 ComputerName: STEVE UserName: Owner
22:17:07.484 Initialize success
22:19:17.281 AVAST engine defs: 12030301
22:19:45.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:19:45.296 Disk 0 Vendor: WDC_WD6400AACS-00D6B1 01.01A01 Size: 610480MB BusType: 3
22:19:45.828 Disk 0 MBR read successfully
22:19:45.843 Disk 0 MBR scan
22:19:45.906 Disk 0 Windows XP default MBR code
22:19:45.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300002 MB offset 63
22:19:45.953 Disk 0 Partition - 00 0F Extended LBA 310467 MB offset 614405925
22:19:45.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 310467 MB offset 614405988
22:19:46.015 Disk 0 scanning sectors +1250242560
22:19:46.093 Disk 0 scanning C:\WINDOWS\system32\drivers
22:19:46.390 File: C:\WINDOWS\system32\drivers\acpi.sys **INFECTED** Win32:RLoader-B
22:19:55.015 Service scanning
22:19:55.984 Modules scanning
22:20:01.859 Disk 0 trace - called modules:
22:20:02.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys tsk1D.tmp hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:20:02.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b13eab8]
22:20:02.500 3 CLASSPNP.SYS[ba908fd7] -> nt!IofCallDriver -> [0x8b0689e8]
22:20:02.703 5 PCTCore.sys[ba682407] -> nt!IofCallDriver -> \Device\00000079[0x8b1d9490]
22:20:02.921 7 tsk1D.tmp[ba768620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b0f6030]
22:20:03.687 AVAST engine scan C:\WINDOWS
22:20:13.656 AVAST engine scan C:\WINDOWS\system32
22:21:51.796 AVAST engine scan C:\WINDOWS\system32\drivers
22:21:52.406 File: C:\WINDOWS\system32\drivers\acpi.sys **INFECTED** Win32:RLoader-B
22:22:07.609 AVAST engine scan C:\Documents and Settings\Owner
22:35:10.390 AVAST engine scan C:\Documents and Settings\All Users
22:37:04.828 Scan finished successfully
10:00:29.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\Scan_logs\MBR.dat"
10:00:29.468 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\Scan_logs\aswMBR.txt"
 
Oops didn't see the second part:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Google redirect appears to be gone! But definitely will need some help restoring the video driver. And I've got this annoying Explorer Download Manager popping up all the time now. Going to try my printer and plotter to see if the drivers are okay.

ComboFix 12-02-29.01 - Owner 03/04/2012 16:07:05.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2885 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Owner\My Documents\~WRL0001.tmp
C:\WINDOWS\system32\default_user_class.dat.LOG
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ShellExt\CmdOpen.dll

C:\WINDOWS\system32\drivers\cdrom.sys . . . is missing!!


((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))


2012-03-03 19:57:01 . 2012-03-03 19:57:01 98992 ----a-w- C:\WINDOWS\system32\drivers\14098817.sys
2012-03-03 19:56:54 . 2012-03-03 19:56:54 187776 ----a-w- C:\WINDOWS\system32\drivers\tsk1D.tmp
2012-03-03 19:55:12 . 2012-03-03 19:55:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-02 16:25:25 . 2012-03-02 16:25:25 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2012-03-02 16:25:17 . 2012-03-02 16:25:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-03-02 16:25:16 . 2012-03-02 16:25:22 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-02 16:25:16 . 2011-12-10 20:24:06 20464 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-02-29 17:42:33 . 2012-02-29 17:42:35 -------- d-----w- C:\Program Files\Download Manager
2012-02-29 17:42:32 . 2012-02-29 17:42:37 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\DownloadManager
2012-02-29 17:42:24 . 2012-02-29 17:42:25 -------- d-----w- C:\Program Files\Surf Canyon
2012-02-29 17:42:20 . 2012-02-29 17:52:56 -------- d-----w- C:\Program Files\RebateRobot
2012-02-29 17:42:20 . 2012-02-29 17:42:20 -------- d-----w- C:\skin
2012-02-29 17:42:20 . 2012-02-29 17:42:20 -------- d-----w- C:\defaults
2012-02-29 17:42:20 . 2012-02-29 17:42:20 -------- d-----w- C:\content
2012-02-29 17:42:01 . 2012-02-29 17:42:01 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\I Want This
2012-02-29 17:41:37 . 2012-02-29 17:42:16 -------- d-----w- C:\Program Files\I Want This
2012-02-27 21:04:45 . 2012-01-11 19:56:12 574424 --s---w- C:\WINDOWS\system32\drivers\TfSysMon.sys
2012-02-27 21:04:45 . 2012-01-11 19:56:12 54328 --s---w- C:\WINDOWS\system32\drivers\TfFsMon.sys
2012-02-27 21:04:45 . 2012-01-11 19:56:12 35264 --s---w- C:\WINDOWS\system32\drivers\TfNetMon.sys
2012-02-27 21:00:39 . 2011-09-28 18:14:02 56840 ----a-w- C:\WINDOWS\system32\drivers\PCTBD.sys
2012-02-27 21:00:19 . 2012-01-11 21:19:02 185560 ----a-w- C:\WINDOWS\system32\drivers\PCTSD.sys
2012-02-27 21:00:19 . 2012-01-11 21:17:50 17848 ----a-w- C:\WINDOWS\system32\drivers\pctBTFix.sys
2012-02-27 20:58:14 . 2012-02-27 20:58:14 -------- d-----w- C:\Documents and Settings\Owner\Application Data\TestApp
2012-02-10 19:59:00 . 2012-02-10 19:59:02 45056 ----a-w- C:\WINDOWS\scluins1.exe
2012-02-10 19:59:00 . 2012-02-10 19:59:02 36864 ----a-w- C:\WINDOWS\smon03.exe
2012-02-10 19:58:59 . 2012-02-10 21:22:41 -------- d-----w- C:\Program Files\Sophocles
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-27 20:31:26 . 2012-02-27 20:31:26 1182680 ----a-w- C:\WINDOWS\system32\drivers\TfKbMon.sys.old
2012-01-16 21:28:50 . 2011-06-24 19:16:27 149456 ----a-w- C:\WINDOWS\SGDetectionTool.dll
2012-01-16 21:28:48 . 2011-06-24 19:16:26 2246608 ----a-w- C:\WINDOWS\PCTBDCore.dll
2012-01-16 21:28:48 . 2011-06-24 19:16:26 1681360 ----a-w- C:\WINDOWS\PCTBDRes.dll
2012-01-16 21:28:28 . 2011-06-24 19:16:27 767952 ----a-w- C:\WINDOWS\BDTSupport.dll
2012-01-11 21:19:24 . 2011-06-24 18:33:02 70536 ----a-w- C:\WINDOWS\system32\drivers\pctplsg.sys
2012-01-11 21:14:30 . 2011-06-24 18:33:21 253352 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.sys
1997-07-22 00:30:54 1045776 --sha-w- C:\WINDOWS\system32\Msjet35.dll
1997-06-23 08:00:00 123664 --sha-w- C:\WINDOWS\system32\Msjint35.dll
1997-06-23 17:06:50 24848 --sha-w- C:\WINDOWS\system32\Msjter35.dll
1997-06-23 17:06:50 252176 --sha-w- C:\WINDOWS\system32\Msrd2x35.dll
1997-06-23 17:06:50 287504 --sha-w- C:\WINDOWS\system32\Msxbse35.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2009-10-19 07:35:08 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649 (xpsp_sp3_qfe.080728-1259)] . . C:\WINDOWS\system32\drivers\tcpip.sys

((((((((((((((((((((((((((((( SnapShot@2011-12-26_17.54.44 )))))))))))))))))))))))))))))))))))))))))


-- Snapshot reset to current date --

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
2009-11-07 06:07:04 297808 ----a-w- C:\WINDOWS\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 16:08:40 2363392]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 20:45:07 313472]
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 05:18:08 6276408]
"DownloadManager"="C:\Program Files\Download Manager\DownloadManager.exe" [2012-02-29 17:42:32 654336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 11:00:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 11:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 11:00:00 455168]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 23:30:00 45632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-11-21 02:32:14 110184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-11-21 02:32:14 12669544]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 15:32:14 18085888]
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 12:58:34 611712]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 06:08:13 483328]
"Intuit SyncManager"="C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 10:58:14 1439496]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 16:44:46 248552]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2010-11-29 21:38:18 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-04-27 05:22:56 421160]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 19:53:18 460872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAxADkAMwA2ADMAOQA4ADkALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMgAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAC0ARABEAFQAKwA0ADkANAAwADQALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEEAVAArADMALQBGADkAMABNADEAMgBBACsAMQAtAEYAOQAwAE0AMQAyAEEAQgArADEALQBVADkANQArADEALQBGADkAMABNADEAMgBBAFQAQgBOACsAMQAtAEYAVQBJACsAMgA&prod=90&ver=9.0.894" [?]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 11:00:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-10-19 07:25:30 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Spotify\\spotify.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [6/24/2011 1:33:10 PM 331880]
R0 pctDS;PC Tools Data Store;C:\WINDOWS\system32\drivers\pctDS.sys [6/24/2011 1:33:23 PM 342168]
R0 pctEFA;PC Tools Extended File Attributes;C:\WINDOWS\system32\drivers\pctEFA.sys [6/24/2011 1:33:23 PM 909728]
R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2/27/2012 4:04:45 PM 54328]
R0 TFSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2/27/2012 4:04:45 PM 574424]
R1 pctgntdi;pctgntdi;C:\WINDOWS\system32\drivers\pctgntdi.sys [6/24/2011 1:33:21 PM 253352]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\WINDOWS\system32\drivers\PCTSD.sys [2/27/2012 4:00:19 PM 185560]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe [6/24/2011 2:16:27 PM 546768]
R2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe -run --> C:\WINDOWS\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [3/2/2012 11:25:16 AM 652360]
R2 MotoHelper;MotoHelper Service;C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [1/27/2011 4:13:50 PM 226624]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [3/2/2012 11:25:16 AM 20464]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;C:\WINDOWS\system32\drivers\nvoclock.sys [9/15/2009 2:59:28 PM 38248]
R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\drivers\pcouffin.sys [2/9/2010 5:59:22 PM 47360]
R3 PCTBD;PC Tools Browser Defender Driver;C:\WINDOWS\system32\drivers\PCTBD.sys [2/27/2012 4:00:39 PM 56840]
S1 DumpDrv;Crash Dump Driver;C:\WINDOWS\system32\drivers\dumpdrv.sys [10/19/2009 2:29:36 AM 9472]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [3/19/2011 3:42:41 PM 136176]
S2 QuickBooksDB17;QuickBooksDB17;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46:20 AM 284016]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\WINDOWS\system32\drivers\motfilt.sys [10/2/2011 9:24:23 AM 6016]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [3/19/2011 3:42:41 PM 136176]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\drivers\motccgp.sys [10/2/2011 9:24:21 AM 20352]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\drivers\motccgpfl.sys [10/2/2011 9:24:21 AM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\WINDOWS\system32\drivers\Motousbnet.sys [10/2/2011 9:24:23 AM 23424]
S3 motusbdevice;Motorola USB Dev Driver;C:\WINDOWS\system32\drivers\motusbdevice.sys [10/2/2011 9:24:23 AM 9472]
S3 pctplsg;pctplsg;C:\WINDOWS\system32\drivers\pctplsg.sys [6/24/2011 1:33:02 PM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\PC Tools Security\pctsAuxs.exe [6/24/2011 1:32:57 PM 402336]
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2/27/2012 4:04:45 PM 35264]
S3 ThreatFire;ThreatFire;C:\Program Files\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files\PC Tools Security\TFEngine\TFService.exe service [?]
S4 QuickBooksDB20;QuickBooksDB20;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 --> C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 16:06:42 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2012-03-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34:12 . 2008-07-30 17:34:12]

2012-03-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-19 20:42:41 . 2011-03-19 20:42:37]

2012-03-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-19 20:42:41 . 2011-03-19 20:42:37]

2012-03-04 C:\WINDOWS\Tasks\MotoHelper Initial Update.job
- C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14:12 . 2011-01-27 21:14:12]

2012-02-29 C:\WINDOWS\Tasks\MotoHelper MUM.job
- C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14:12 . 2011-01-27 21:14:12]

2012-03-04 C:\WINDOWS\Tasks\MotoHelper Routing.job
- C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14:12 . 2011-01-27 21:14:12]

2012-02-29 C:\WINDOWS\Tasks\MotoHelper Update.job
- C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14:12 . 2011-01-27 21:14:12]

2012-03-04 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D34A4223-3F9E-489B-8675-157936D04B47}.job
- C:\WINDOWS\system32\msfeedssync.exe [2009-10-19 07:30:57 . 2009-10-19 07:30:57]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wykhr570.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PHPNukeEN Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2086743&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111124&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - C:\Program Files\PC Tools Security\BDT\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: FreeSoundRecorder Community Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - %profile%\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true


------- File Associations -------

.scr=AutoCADScriptFile

- - - - ORPHANS REMOVED - - - -

BHO-{66616350-A70C-4FF5-912E-A92B8076F6F7} - C:\Program Files\RebateRobot\RebateRobot.dll
BHO-{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - (no file)
HKLM-Run-PCTools FGuard - C:\Program Files\PC Tools Security\BDT\FGuard.exe
SafeBoot-78916224.sys
AddRemove-{8E10A7CC-B4B4-4BF0-A75E-9F960D58AAC4}_is1 - C:\Program Files\RebateRobot\unins000.exe
 
Good news :)

We'll take care of your video driver as soon as we're done with Combofix.
For now we have one system driver missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    cdrom.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
btw, thanks for all of your help Broni!

Here's the systemlook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:09 on 04/03/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "cdrom.sys"
No files found.

-= EOF =-
 
Attached is a zipped cdrom.sys file from my Windows CD.
Unzip it and paste the cdrom.sys file into the C:\WINDOWS\system32\drivers folder.
Disregard any Windows warnings.

Then....

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
C:\WINDOWS\system32\drivers\14098817.sys
C:\WINDOWS\system32\drivers\tsk1D.tmp


Folder::

Driver::
14098817
tsk1D

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
 

Attachments

  • cdrom.zip
    33 KB · Views: 2
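
The Registry:: section of the CFScript above resets the two Security Center override values that the ComboFix log earlier in the thread showed set to 1. As an added example (not part of the thread and not ComboFix's own code), this Python script scans registry lines in that log format and flags those overrides plus the disabled-firewall values from the same log; the function names and the CHECKS table are illustrative, and the sample text is constructed from lines in the log.

```python
import re

# Constructed sample: registry lines in the format ComboFix printed in the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
'''

# (key suffix, value name) -> (value that indicates tampering, meaning)
CHECKS = {
    (r"\security center", "antivirusoverride"): (1, "Security Center antivirus monitoring suppressed"),
    (r"\security center", "firewalloverride"): (1, "Security Center firewall monitoring suppressed"),
    (r"\firewallpolicy\standardprofile", "enablefirewall"): (0, "Windows Firewall disabled (standard profile)"),
    (r"\firewallpolicy\standardprofile", "disablenotifications"): (1, "firewall notifications disabled"),
}

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

def parse_int(raw):
    """Return the integer for 'dword:00000001' or '1 (0x1)' style values, else None."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw.strip())
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+) \(0x[0-9a-fA-F]+\)", raw.strip())
    return int(m.group(1)) if m else None

def find_tampering(log_text):
    findings, key = [], None
    for line in map(str.strip, log_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()   # remember which registry key the next values belong to
            continue
        m = VAL_RE.match(line)
        if not (m and key):
            continue
        name, value = m.group(1).lower(), parse_int(m.group(2))
        for (suffix, vname), (bad, meaning) in CHECKS.items():
            if key.endswith(suffix) and name == vname and value == bad:
                findings.append((key, m.group(1), value, meaning))
    return findings

if __name__ == "__main__":
    for key, name, value, meaning in find_tampering(SAMPLE_LOG):
        print(f"{name}={value}: {meaning}  [{key}]")
```

Running the same scan on the ComboFix.txt produced after the CFScript pass shows whether the two override values actually went back to 0.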
Oh boy... got the "blue screen of death" on that PC. It happened while running ComboFix: it found the rootkit virus and rebooted okay, then continued running the scan. I was in the other room when I heard the PC reboot again. It will not let me boot in safe mode and seems to get hung up right after the mup.sys file in the system32\drivers\ folder.
 
Just tried it 3x. Thought it would boot, saw the XP screen for a flash, then back to the blue screen.
 
We need to use the Recovery Console to try to fix your issue.

  • You'll need to find your Windows XP installation disk.
  • Insert the Windows XP CD into the CD-ROM drive, then restart your computer.
  • If prompted, click any options that are required to start the computer from the CD-ROM drive.
  • When the Welcome to Setup screen appears, press R to start the Recovery Console.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to.
    • If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press Enter.
  • It will then prompt you for the Administrator's password. If there is no password, simply press enter.
  • You will now be presented with a C:\Windows> prompt
  • Type the following, pressing Enter after each line:

    fixmbr
    fixboot
    exit
  • Restart computer.

************************

If you don't have Windows CD...
Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
Using Imgburn, burn rc.iso to a CD.
Boot to the CD...let it finish loading.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
 