
Inactive Computer stuck nothing loads, can't print, no sound

Discussion in 'Malware and Virus Removal Archive' started by rpicon, 2012/03/26.

  1. 2012/03/26
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0

    Computer takes a very long time to load. Very slow. Keeps getting stuck and programs won't load. Also lost the ability to print. My print menu is empty and now tells me that my print spool is missing. No sound either, no sound device found.

    Running computer in *Safe Mode*

    Here are the following reports:

    Malwarebytes

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.26.04

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    rpicon :: GLB-RPICON-02 [administrator]

    2012-03-26 12:18
    mbam-log-2012-03-26 (12-18-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 245939
    Time elapsed: 4 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. 2012/03/26
    rpicon
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-26 15:32:06
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
    Running: 781ihn03.exe; Driver: C:\DOCUME~1\RICKPI~1\LOCALS~1\Temp\kxtcrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xF750AC04]
    SSDT sptd.sys ZwEnumerateKey [0xF750AD48]
    SSDT sptd.sys ZwEnumerateValueKey [0xF750B0C0]
    SSDT sptd.sys ZwOpenKey [0xF750AAE2]
    SSDT sptd.sys ZwQueryKey [0xF750B18A]
    SSDT sptd.sys ZwQueryValueKey [0xF750B022]
    SSDT sptd.sys ZwSetValueKey [0xF750B212]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    ? C:\WINDOWS\System32\Drivers\SPTD3197.SYS The process cannot access the file because it is being used by another process.
    .text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 BA4D84D0 16 Bytes [F8, 30, CE, D7, 02, DE, 9C, ...]
    .text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 BA4D84E1 31 Bytes [70, 4D, BA, 9C, 25, 8C, 04, ...]
    ? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 32604F4E C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1316] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1816] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2684] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7513F52] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A658] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F7514550] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F7514454] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F7514620] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F7514620] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F7514550] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F7514454] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7529F6C] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F751410E] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7529BB0] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7513FA6] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7506A32] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7506B6E] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7506AF6] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75076CC] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75075A2] sptd.sys
    IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A79E] sptd.sys
    IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F75191BA] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F7529BB0] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A79E] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F7506020] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F7506020] sptd.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 068D0880
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 068D0570
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 068C9060
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 068CA5A0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 068CD710
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 068CB2F0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 068CA8D0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 068CCA50
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 068CFA50
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 068CFA90
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 068D0BD0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 068CF640
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 068CD670
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 068CBE10
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 068CAFA0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 068CB890
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 068D1150
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 068CCDA0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 068CD4D0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 068CE100
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 068CDBE0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 068CE080
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 068CEBA0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 068CE270
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 068CAC50
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 068CBCC0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 068CFB70
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 068CDD20
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 068CD610
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 068CD1D0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 068CD820
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 068D0BF0
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 068CDB20
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 068D0E90
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 068D0E30
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 068D1080
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 068D1120
    IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1076] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 068D0F50
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1816] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A80AC78
    Device \Driver\NetBT \Device\NetBT_Tcpip_{849CB337-DE20-421B-AC9E-B4F750CB1F7B} 89A060E8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7BC808
    Device \Driver\dmio \Device\DmControl\DmConfig 8A7BC808
    Device \Driver\dmio \Device\DmControl\DmPnP 8A7BC808
    Device \Driver\dmio \Device\DmControl\DmInfo 8A7BC808

    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7BCA40
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7BCA40
    Device \Driver\Cdrom \Device\CdRom0 8A76B8E8
    Device \FileSystem\Rdbss \Device\FsWrap 899D6A88
    Device \Driver\iastor \Device\Ide\iaStor0 8A80A0E8
    Device \Driver\atapi \Device\Ide\IdePort0 [F7843B40] atapi.sys[unknown section] {MOV EAX, 0x8a7bc4f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf751b684; RET }
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7843B40] atapi.sys[unknown section] {MOV EAX, 0x8a7bc4f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf751b684; RET }
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7843B40] atapi.sys[unknown section] {MOV EAX, 0x8a7bc4f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf751b684; RET }
    Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 8A80A0E8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7BCA40
    Device \Driver\Cdrom \Device\CdRom1 8A76B8E8
    Device \Driver\Cdrom \Device\CdRom2 8A76B8E8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 8A7BCA40
    Device \Driver\NetBT \Device\NetBt_Wins_Export 89A060E8
    Device \Driver\NetBT \Device\NetbiosSmb 89A060E8
    Device \Driver\00000457 \Device\0000004f sptd.sys
    Device \Driver\Disk \Device\Harddisk0\DR0 8A80AEB0
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A03360
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A03360
    Device \FileSystem\Npfs \Device\NamedPipe 89A01C90
    Device \Driver\Ftdisk \Device\FtControl 8A7BCA40
    Device \FileSystem\Msfs \Device\Mailslot 89A02478
    Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 8A78B558
    Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 8A78B558
    Device \FileSystem\Fastfat \Fat 898FC700
    Device \FileSystem\Fastfat \Fat B8C9C297
    Device \FileSystem\Cdfs \Cdfs 899974C8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1255686754
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1468089294
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -934213699
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x3D 0xA8 0xFC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x16 0x49 0x3B 0x94 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDD 0xD0 0x1A 0x07 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x3D 0xA8 0xFC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x16 0x49 0x3B 0x94 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDD 0xD0 0x1A 0x07 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x3D 0xA8 0xFC ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x16 0x49 0x3B 0x94 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDD 0xD0 0x1A 0x07 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\InprocServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\ProgID@ Ietag.OOC.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\Programmable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\TypeLib@ {06CA6721-CB57-449E-8097-E65B9F543A1A}
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\VersionIndependentProgID@ Ietag.OOC

    ---- EOF - GMER 1.0.15 ----
     

  4. 2012/03/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. 2012/03/28
    rpicon
    Sorry for the delay.
     
  6. 2012/03/28
    rpicon
    PC issues: running very, very slow.
     
  7. 2012/03/28
    rpicon
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-26 15:33:43
    -----------------------------
    15:33:43.375 OS Version: Windows 5.1.2600 Service Pack 3
    15:33:43.375 Number of processors: 2 586 0x602
    15:33:43.375 ComputerName: GLB-RPICON-02 UserName: rpicon
    15:33:44.281 Initialize success
    15:33:45.187 AVAST engine defs: 11012000
    15:33:55.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    15:33:55.359 Disk 0 Vendor: Intel___ 1.0. Size: 152585MB BusType: 3
    15:33:55.453 Disk 0 MBR read successfully
    15:33:55.468 Disk 0 MBR scan
    15:33:55.828 Disk 0 unknown MBR code
    15:33:55.859 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    15:33:56.375 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 111192 MB offset 80325
    15:33:56.656 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 37848 MB offset 227801700
    15:33:56.703 Disk 0 Partition 4 00 DB CP/M / CTOS MSWIN4.1 3498 MB offset 305315325
    15:33:56.781 Disk 0 scanning sectors +312480315
    15:33:57.187 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:34:53.640 Service scanning
    15:35:07.125 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    15:35:09.000 Service vaxscsi C:\WINDOWS\System32\Drivers\vaxscsi.sys **LOCKED** 32
    15:35:11.687 Modules scanning
    15:36:02.000 Disk 0 trace - called modules:
    15:36:02.062 ntoskrnl.exe >>UNKNOWN [0x8a80aeb0]<<
    15:36:02.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7a2ab8]
    15:36:02.062 \Driver\Disk[0x8a767968] -> IRP_MJ_CREATE -> 0x8a80aeb0
    15:36:03.187 AVAST engine scan C:\WINDOWS
    15:37:08.187 AVAST engine scan C:\WINDOWS\system32
    15:50:48.750 AVAST engine scan C:\WINDOWS\system32\drivers
    15:52:55.765 AVAST engine scan C:\Documents and Settings\Rick Picon
    16:22:02.796 AVAST engine scan C:\Documents and Settings\All Users
    16:22:46.750 Scan finished successfully
    10:45:43.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rick Picon\Desktop\MBR.dat "
    10:45:44.000 The log file has been saved successfully to "C:\Documents and Settings\Rick Picon\Desktop\aswMBR.txt "
     
  8. 2012/03/28
    rpicon
    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
    Run by rpicon at 10:46:04 on 2012-03-28
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1257 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Documents and Settings\Rick Picon\Desktop\aswMBR.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uStart Page = hxxp://www.yahoo.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
    TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [CompanionLink] "c:\program files\airset\airset.exe" -Icon
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\rick picon\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\rickpi~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rick picon\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\salesf~1.lnk - c:\program files\salesforce.com\salesforce for outlook\SfdcMsOl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: intuit.com\ttlc
     
  9. 2012/03/28
    rpicon
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
    DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} - hxxp://www1.skillground.com/cab1831/SkillGround.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://www.advisorservices.com/content/advisor/files/UrlDownloader.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249928285454
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260546108330
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB
    TCP: DhcpNameServer = 192.168.1.113
    TCP: Interfaces\{849CB337-DE20-421B-AC9E-B4F750CB1F7B} : DhcpNameServer = 192.168.1.113
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: LMIinit - LMIinit.dll
    AppInit_DLLs:
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\
    FF - prefs.js: browser.search.selectedEngine - Search Results
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=283&systemid=406&sr=0&q=
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\documents and settings\rick picon\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Default Full Zoom Level: {D9A7CBEC-DE1A-444f-A092-844461596C4D} - %profile%\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    .
     
  10. 2012/03/28
    rpicon
    ============= SERVICES / DRIVERS ===============
    .
    R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-1-30 223128]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-14 294608]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 74480]
    S2 APC Data Service;APC Data Service;c:\program files\apc\apc powerchute personal edition\dataserv.exe [2010-9-14 21880]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-14 17744]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-14 40384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
    S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-4-10 3712]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-27 12856]
    S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-27 47640]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
    S2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-2-17 34760]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2012-03-19 18:53:55 1409 ----a-w- c:\windows\QTFont.for
    2012-03-19 18:51:56 -------- d-----w- c:\documents and settings\rick picon\local settings\application data\Ilivid Player
    2012-03-19 18:51:50 -------- d-----w- c:\documents and settings\rick picon\application data\searchquband
    2012-03-19 18:51:17 -------- d-----w- c:\program files\iLivid
    2012-03-19 18:50:48 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
    .
    ==================== Find3M ====================
    .
    2012-02-23 17:18:12 96384 ----a-w- c:\windows\system32\drivers\sptd3197.sys
    2012-02-08 17:52:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0x8A80AEB0]<<
    _asm { MOV EAX, 0x8a80add0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a80dc94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
    1 nt!IofCallDriver[0x804E1397] -> \Device\Harddisk0\DR0[0x8A7A2AB8]
    \Driver\Disk[0x8A767968] -> IRP_MJ_CREATE -> 0x8A80AEB0
    kernel: MBR read successfully
    _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x8a80aeb0
    \Driver\iaStor -> 0x8a80a0e8
    user & kernel MBR OK
    Warning: possible MBR rootkit infection !
    .
    ============= FINISH: 10:46:19.42 ===============
     
  11. 2012/03/28
    rpicon
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2006-03-31 13:54:53
    System Uptime: 2012-03-26 11:53:26 (47 hours ago)
    .
    Motherboard: Dell Inc. | | 0YC523
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 109 GiB total, 35.397 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 6.035 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM ()
    G: is CDROM (CDFS)
    P: is NetworkDisk (NTFS) - 136 GiB total, 43.323 GiB free.
    T: is NetworkDisk (NTFS) - 136 GiB total, 43.323 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.0 Professional
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Shockwave Player 11.6
    AIM Pro
    AirSet Desktop Sync
    AOL Uninstaller (Choose which Products to Remove)
    APC PowerChute Personal Edition 3.0
    avast! Free Antivirus
    BearShare
    Classic Menu for Office
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Digital Content Portal
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    Dropbox
    ESET Online Scanner v3
    GameTap
    Google
    Google Calendar Sync
    Google Chrome
    Google Desktop
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    iLivid
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 30
    KhalSetup
    Logitech SetPoint
    LogMeIn
    Macromedia Flash Player
    Malwarebytes Anti-Malware version 1.60.1.1000
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft ActiveSync 4.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Math Add-in for Word 2007
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access 2003 Runtime
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.6.28)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 6.0 Parser (KB933579)
    Network Assistant
    NVIDIA Drivers
    Plaxo Toolbar for Windows
    PortfolioCenter
    PortfolioCenter Management Console
    QBFC3.0
    Qualxserve Service Agreement
    QuickTime
    RealPlayer Basic
    Relationship Manager
    RetCalc 2.0
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    RSSRadio
    Salesforce for Outlook
    Secunia PSI (2.0.0.3003)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB982381)
    SkillGround Game Manager
    SUPERAntiSpyware Free Edition
    swMSM
    TD AMERITRADE Statements/Confirmations Manager
    Total Access Memo 2003 Runtime
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2010 wvaiper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax 2011 wvaiper
    UnHackMe 5.00 release
    Update for Outlook 2007 Junk Email Filter (KB934655)
    URL Assistant
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio 2005 Tools for Office Second Edition Runtime
    VLC media player 1.0.2
    WebFldrs XP
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2012-03-26 11:55:26, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm Lbd SASDIFSV SASKUTIL
    2012-03-26 11:54:49, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2012-03-26 11:51:40, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    2012-03-26 11:51:40, error: Service Control Manager [7022] - The StarWind iSCSI Service service hung on starting.
    2012-03-26 11:49:48, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.
    2012-03-26 11:49:48, error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2012-03-26 11:47:50, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SharedAccess service.
    2012-03-26 11:47:50, error: Service Control Manager [7000] - The Windows Firewall/Internet Connection Sharing (ICS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2012-03-26 11:44:52, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the HidServ service.
    2012-03-26 11:43:54, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Browser service.
    2012-03-26 11:43:54, error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2012-03-26 11:41:30, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
    2012-03-26 11:41:01, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
    2012-03-26 11:40:42, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
    2012-03-26 11:40:42, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
    .
    ==== End Of File ===========================
     
  12. 2012/03/28
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  13. 2012/03/28
    rpicon
    Must be old. Forgot to delete.

    I'll remove it. Thanks
     
  14. 2012/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  15. 2012/03/29
    rpicon
    11:24:16.0015 1524 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    11:24:16.0265 1524 ============================================================
    11:24:16.0265 1524 Current date / time: 2012/03/29 11:24:16.0265
    11:24:16.0265 1524 SystemInfo:
    11:24:16.0265 1524
    11:24:16.0265 1524 OS Version: 5.1.2600 ServicePack: 3.0
    11:24:16.0265 1524 Product type: Workstation
    11:24:16.0281 1524 ComputerName: GLB-RPICON-02
    11:24:16.0281 1524 UserName: rpicon
    11:24:16.0281 1524 Windows directory: C:\WINDOWS
    11:24:16.0281 1524 System windows directory: C:\WINDOWS
    11:24:16.0281 1524 Processor architecture: Intel x86
    11:24:16.0281 1524 Number of processors: 2
    11:24:16.0281 1524 Page size: 0x1000
    11:24:16.0281 1524 Boot type: Safe boot with network
    11:24:16.0281 1524 ============================================================
    11:24:16.0625 1524 Drive \Device\Harddisk0\DR0 - Size: 0x2540900000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    11:24:16.0625 1524 \Device\Harddisk0\DR0:
    11:24:16.0625 1524 MBR used
    11:24:16.0625 1524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xD92C09F
    11:24:16.0625 1524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD93FA64, BlocksNum 0x49EC399
    11:24:16.0781 1524 Initialize success
    11:24:16.0781 1524 ============================================================
    11:24:40.0015 3256 Simbad - ok
    11:24:40.0109 3256 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    11:24:40.0109 3256 sisagp - ok
    11:24:40.0187 3256 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    11:24:40.0187 3256 SONYPVU1 - ok
    11:24:40.0359 3256 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    11:24:40.0359 3256 Sparrow - ok
    11:24:40.0453 3256 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    11:24:40.0468 3256 splitter - ok
    11:24:40.0484 3256 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
    11:24:40.0484 3256 Spooler - ok
    11:24:40.0578 3256 sptd (175600c9e3e4154150bfbc192a61c1de) C:\WINDOWS\system32\Drivers\sptd.sys
    11:24:40.0578 3256 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 175600c9e3e4154150bfbc192a61c1de
    11:24:40.0578 3256 sptd ( LockedFile.Multi.Generic ) - warning
    11:24:40.0578 3256 sptd - detected LockedFile.Multi.Generic (1)
    11:24:40.0640 3256 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    11:24:40.0640 3256 sr - ok
    11:24:40.0671 3256 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    11:24:40.0671 3256 srservice - ok
    11:24:40.0750 3256 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
    11:24:40.0750 3256 Srv - ok
    11:24:40.0796 3256 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    11:24:40.0812 3256 SSDPSRV - ok
    11:24:40.0937 3256 StarWindService (ab2b9349ada4ac5ec74b622b8303fe23) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    11:24:40.0937 3256 StarWindService - ok
    11:24:41.0062 3256 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
    11:24:41.0078 3256 STHDA - ok
    11:24:41.0234 3256 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    11:24:41.0296 3256 stisvc - ok
    11:24:41.0390 3256 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    11:24:41.0390 3256 swenum - ok
    11:24:41.0406 3256 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    11:24:41.0421 3256 swmidi - ok
    11:24:41.0421 3256 SwPrv - ok
    11:24:41.0484 3256 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    11:24:41.0484 3256 symc810 - ok
    11:24:41.0484 3256 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    11:24:41.0484 3256 symc8xx - ok
    11:24:41.0500 3256 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    11:24:41.0500 3256 sym_hi - ok
    11:24:41.0515 3256 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    11:24:41.0515 3256 sym_u3 - ok
    11:24:41.0578 3256 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    11:24:41.0578 3256 sysaudio - ok
    11:24:41.0609 3256 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    11:24:41.0609 3256 SysmonLog - ok
    11:24:41.0671 3256 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    11:24:41.0687 3256 TapiSrv - ok
    11:24:41.0750 3256 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    11:24:41.0750 3256 Tcpip - ok
    11:24:41.0796 3256 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    11:24:41.0796 3256 TDPIPE - ok
    11:24:41.0890 3256 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    11:24:41.0890 3256 TDTCP - ok
    11:24:41.0953 3256 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    11:24:41.0953 3256 TermDD - ok
    11:24:42.0156 3256 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    11:24:42.0250 3256 TermService - ok
    11:24:42.0296 3256 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
    11:24:42.0312 3256 Themes - ok
    11:24:42.0437 3256 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    11:24:42.0437 3256 TlntSvr - ok
    11:24:42.0500 3256 tmcomm (4dc436421c9d745d7e8c37f956701c78) C:\WINDOWS\system32\drivers\tmcomm.sys
    11:24:42.0500 3256 tmcomm - ok
    11:24:42.0562 3256 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    11:24:42.0562 3256 TosIde - ok
    11:24:42.0609 3256 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    11:24:42.0609 3256 TrkWks - ok
    11:24:42.0687 3256 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    11:24:42.0687 3256 Udfs - ok
    11:24:42.0750 3256 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    11:24:42.0750 3256 ultra - ok
    11:24:42.0812 3256 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    11:24:42.0812 3256 Update - ok
    11:24:42.0859 3256 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    11:24:42.0859 3256 upnphost - ok
    11:24:42.0890 3256 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    11:24:42.0890 3256 UPS - ok
    11:24:42.0937 3256 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    11:24:42.0953 3256 usbccgp - ok
    11:24:42.0968 3256 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    11:24:42.0968 3256 usbehci - ok
    11:24:42.0984 3256 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    11:24:42.0984 3256 usbhub - ok
    11:24:43.0000 3256 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    11:24:43.0000 3256 usbprint - ok
    11:24:43.0015 3256 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    11:24:43.0015 3256 USBSTOR - ok
    11:24:43.0031 3256 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    11:24:43.0031 3256 usbuhci - ok
    11:24:43.0062 3256 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    11:24:43.0062 3256 usb_rndisx - ok
    11:24:43.0109 3256 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
    11:24:43.0109 3256 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
    11:24:43.0109 3256 vaxscsi ( LockedFile.Multi.Generic ) - warning
    11:24:43.0109 3256 vaxscsi - detected LockedFile.Multi.Generic (1)
    11:24:43.0140 3256 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    11:24:43.0156 3256 VgaSave - ok
    11:24:43.0171 3256 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    11:24:43.0171 3256 viaagp - ok
    11:24:43.0187 3256 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    11:24:43.0187 3256 ViaIde - ok
    11:24:43.0218 3256 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    11:24:43.0218 3256 VolSnap - ok
    11:24:43.0375 3256 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    11:24:43.0421 3256 VSS - ok
    11:24:43.0625 3256 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    11:24:43.0640 3256 w32time - ok
    11:24:43.0937 3256 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    11:24:43.0937 3256 Wanarp - ok
    11:24:44.0031 3256 wanatw - ok
    11:24:44.0171 3256 WDICA - ok
    11:24:44.0484 3256 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    11:24:44.0484 3256 wdmaud - ok
    11:24:44.0546 3256 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    11:24:44.0546 3256 WebClient - ok
    11:24:44.0593 3256 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    11:24:44.0593 3256 winmgmt - ok
    11:24:44.0609 3256 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    11:24:44.0625 3256 WmdmPmSN - ok
    11:24:44.0656 3256 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
    11:24:44.0656 3256 Wmi - ok
    11:24:44.0750 3256 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    11:24:44.0750 3256 WmiApSrv - ok
    11:24:44.0859 3256 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    11:24:44.0875 3256 WMPNetworkSvc - ok
    11:24:45.0265 3256 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    11:24:45.0359 3256 WPFFontCache_v0400 - ok
    11:24:45.0390 3256 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    11:24:45.0390 3256 WS2IFSL - ok
    11:24:45.0437 3256 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    11:24:45.0437 3256 wscsvc - ok
    11:24:45.0468 3256 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    11:24:45.0468 3256 wuauserv - ok
    11:24:45.0515 3256 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    11:24:45.0515 3256 WudfPf - ok
    11:24:45.0531 3256 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    11:24:45.0531 3256 WudfRd - ok
    11:24:45.0546 3256 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    11:24:45.0546 3256 WudfSvc - ok
    11:24:45.0593 3256 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    11:24:45.0609 3256 WZCSVC - ok
    11:24:45.0703 3256 X4HSX32 (cd89071a6e7ad0e5d5c6fba70dbeca19) C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
    11:24:45.0750 3256 X4HSX32 - ok
    11:24:45.0906 3256 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    11:24:45.0937 3256 xmlprov - ok
    11:24:46.0031 3256 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    11:24:46.0046 3256 YahooAUService - ok
    11:24:46.0109 3256 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
    11:24:46.0140 3256 \Device\Harddisk0\DR0 - ok
    11:24:46.0156 3256 Boot (0x1200) (da87cf439f944406c00ff3166f36b984) \Device\Harddisk0\DR0\Partition0
    11:24:46.0156 3256 \Device\Harddisk0\DR0\Partition0 - ok
    11:24:46.0187 3256 Boot (0x1200) (4d1d67eeb60b57c2e8917509167f80ac) \Device\Harddisk0\DR0\Partition1
    11:24:46.0187 3256 \Device\Harddisk0\DR0\Partition1 - ok
    11:24:46.0187 3256 ============================================================
    11:24:46.0187 3256 Scan finished
    11:24:46.0187 3256 ============================================================
    11:24:46.0218 0464 Detected object count: 2
    11:24:46.0218 0464 Actual detected object count: 2
    11:25:55.0906 0464 sptd ( LockedFile.Multi.Generic ) - skipped by user
    11:25:55.0906 0464 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    11:25:55.0921 0464 vaxscsi ( LockedFile.Multi.Generic ) - skipped by user
    11:25:55.0921 0464 vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip
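    An added example, not code from the thread or from TDSSKiller: a small Python parser for the log format above that pulls out every object not reported "ok" (here the two locked drivers), with the NoAccess reason and the action the user chose, and checks that the tool's summary counts agree with the per-object verdicts. The sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass

# Added example, not code from the thread or from TDSSKiller. The lines below are
# copied from the log posted above and are the constructed input for the parser.
SAMPLE_LOG = r"""
11:24:40.0484 3256 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
11:24:40.0484 3256 Spooler - ok
11:24:40.0578 3256 sptd (175600c9e3e4154150bfbc192a61c1de) C:\WINDOWS\system32\Drivers\sptd.sys
11:24:40.0578 3256 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 175600c9e3e4154150bfbc192a61c1de
11:24:40.0578 3256 sptd ( LockedFile.Multi.Generic ) - warning
11:24:40.0578 3256 sptd - detected LockedFile.Multi.Generic (1)
11:24:43.0109 3256 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
11:24:43.0109 3256 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
11:24:43.0109 3256 vaxscsi ( LockedFile.Multi.Generic ) - warning
11:24:43.0109 3256 vaxscsi - detected LockedFile.Multi.Generic (1)
11:24:46.0109 3256 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
11:24:46.0140 3256 \Device\Harddisk0\DR0 - ok
11:24:46.0187 3256 Scan finished
11:24:46.0218 0464 Detected object count: 2
11:24:46.0218 0464 Actual detected object count: 2
11:25:55.0906 0464 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:25:55.0906 0464 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:25:55.0921 0464 vaxscsi ( LockedFile.Multi.Generic ) - skipped by user
11:25:55.0921 0464 vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# One TDSSKiller line is "<time> <pid> <body>"; the body takes a handful of shapes.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d{4})\s+(?P<body>.+)$")
SCAN_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
VERDICT_RE = re.compile(
    r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - "
    r"(?P<status>warning|skipped by user|User select action: (?P<action>.+))$"
)
NOACCESS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$"
)
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "scanned"   # scanned -> ok | warning | detected
    verdict: str = ""
    access: str = ""          # reason from a "Suspicious file (...)" line, e.g. NoAccess
    user_action: str = ""     # what the user chose for a detected object


def parse_tdsskiller(text):
    """Return ({name: ScanObject}, {"detected": n, "actual": n}) for a TDSSKiller log."""
    objects, by_path, declared = {}, {}, {}

    def lookup(key):
        # Verdict lines name the object; MBR/boot and NoAccess lines name its path.
        name = by_path.get(key, key)
        return objects.setdefault(name, ScanObject(name=name))

    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        body = line.group("body")
        if m := NOACCESS_RE.match(body):
            obj = lookup(m.group("path"))
            obj.access = m.group("reason")
        elif m := DETECT_RE.match(body):
            obj = lookup(m.group("name"))
            obj.status, obj.verdict = "detected", m.group("verdict")
        elif m := VERDICT_RE.match(body):
            obj = lookup(m.group("name"))
            obj.verdict = m.group("verdict")
            if m.group("status") == "warning" and obj.status != "detected":
                obj.status = "warning"
            elif m.group("action"):
                obj.user_action = m.group("action")
        elif m := OK_RE.match(body):
            lookup(m.group("name")).status = "ok"
        elif m := SCAN_RE.match(body):
            obj = lookup(m.group("name"))
            obj.md5, obj.path = m.group("md5"), m.group("path")
            by_path[obj.path] = obj.name
        elif m := COUNT_RE.match(body):
            declared["actual" if m.group("actual") else "detected"] = int(m.group("n"))
    return objects, declared


def flagged(objects):
    """Everything not reported ok: what a reviewer of the log has to look at."""
    return [o for o in objects.values() if o.status != "ok"]


def counts_consistent(objects, declared):
    """True when the per-object verdicts agree with the summary counts the tool printed."""
    detected = sum(1 for o in objects.values() if o.status == "detected")
    return detected == declared.get("detected") == declared.get("actual")


if __name__ == "__main__":
    objs, decl = parse_tdsskiller(SAMPLE_LOG)
    for o in flagged(objs):
        print(f"{o.name}: {o.status} {o.verdict} access={o.access or '-'} "
              f"user={o.user_action or '-'} {o.path} md5={o.md5}")
    print("summary counts consistent:", counts_consistent(objs, decl))
```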
     
  16. 2012/03/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  17. 2012/03/30
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    When running Bootkit Remover, the Black screen opens, then I get a Warning box:
    ATA_PASS_THROUGH_DIRECT is not supported by your disk controller.
    SCSI_PASS_THROUGH_DIRECT will be use for disk I/O
     
  18. 2012/03/30
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    Also, afterwards it wouldn't let me copy the content from the Black screen with CTRL+C.
     
  19. 2012/03/30
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02738a00
    ATA_Read(): DeviceIoControl() ERROR 87
    Boot sector MD5 is: d151c79dcec0bf1ec983bea63558a0ef

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  20. 2012/03/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. 2012/04/02
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    ComboFix 12-04-01.01 - rpicon 2012-04-02 10:53:51.17.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1358 [GMT -4:00]
    Running from: c:\documents and settings\Rick Picon\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Rick Picon\Local Settings\Application Data\assembly\tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-19 18:53 . 2012-03-19 18:53 1409 ----a-w- c:\windows\QTFont.for
    2012-03-19 18:51 . 2012-03-19 18:52 -------- d-----w- c:\documents and settings\Rick Picon\Local Settings\Application Data\Ilivid Player
    2012-03-19 18:51 . 2012-03-19 18:51 -------- d-----w- c:\documents and settings\Rick Picon\Application Data\searchquband
    2012-03-19 18:51 . 2012-03-19 18:51 -------- d-----w- c:\program files\iLivid
    2012-03-19 18:50 . 2012-03-19 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 17:18 . 2007-01-30 16:26 96384 ----a-w- c:\windows\system32\drivers\sptd3197.sys
    2012-02-08 17:52 . 2012-01-25 20:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
    "AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
    "CompanionLink "= "c:\program files\airset\airset.exe" [2007-12-05 11866112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
    "LogMeIn GUI "= "c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\documents and settings\Rick Picon\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
    Salesforce for Outlook.lnk - c:\program files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe [2011-7-29 468384]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-25 21:44 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-10-01 18:30 87352 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @= "Service "
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rick Picon^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
    backup=c:\windows\pss\Microsoft Office Groove.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rick Picon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2007-05-11 02:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2007-06-11 21:17 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 11:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-03-07 13:15 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2007-08-24 12:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-06-21 02:36 1207080 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2005-06-17 13:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2006-05-10 13:48 94208 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2007-01-19 17:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-07-09 05:57 7110656 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
    2011-01-05 23:19 15752 ----a-w- c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    2011-01-05 23:19 813448 ----a-w- c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-04-27 13:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe"=
    "c:\\Program Files\\Network Assistant\\Nassi.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe"=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
    "c:\\Program Files\\Xolox\\XoloxEXE.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:DCOM
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3393:TCP"= 3393:TCP:RD-Rick
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-01-30 643072]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-14 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-06-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-06-23 74480]
    R2 APC Data Service;APC Data Service;c:\program files\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-14 21880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-14 17744]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2011-04-19 993848]
    R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-01-30 223128]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-09-01 15544]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-01 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 13:00]
    .
    2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115Core.job
    - c:\documents and settings\Rick Picon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 14:20]
    .
    2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115UA.job
    - c:\documents and settings\Rick Picon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 14:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uStart Page = hxxp://www.yahoo.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.113
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://www.advisorservices.com/content/advisor/files/UrlDownloader.cab
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB
    FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\
    FF - prefs.js: browser.search.selectedEngine - Search Results
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=283&systemid=406&sr=0&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Default Full Zoom Level: {D9A7CBEC-DE1A-444f-A092-844461596C4D} - %profile%\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-02 11:00
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,f0,e3,66,f2,f9,fc,49,b8,0d,68,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,f0,e3,66,f2,f9,fc,49,b8,0d,68,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(804)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'explorer.exe'(1260)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Network Assistant\HOOKS.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-04-02 11:02:36
    ComboFix-quarantined-files.txt 2012-04-02 15:02
    .
    Pre-Run: 35,399,872,512 bytes free
    Post-Run: 35,527,258,112 bytes free
    .
    - - End Of File - - 880B76EE0B69FAF3147D5A64BA361DFF
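The firewall-exception, globally-open-port and driver/service sections of a ComboFix log like the one above are where a helper usually looks first: ports opened to every address (here 135/TCP DCOM, the Remote Desktop port 3389/TCP, and a second RD port labelled "RD-Rick"), peer-to-peer clients granted unscoped exceptions (BearShare, the Xolox/mldonkey client), and a driver entry whose image file is gone (Lbd.sys shown with "[?]"). The script below is an added example, not part of the thread and not ComboFix's own code: it parses those three record shapes from a constructed sample built from lines in the same format and flags the entries. The port-role table and the list of peer-to-peer executable names are assumptions chosen for the example; extend them for your own triage. It also tolerates the space the forum inserts before the closing quote (`"135:TCP "=`), which is a posting artifact, not part of the registry value name.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix sections above (not the full log).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe "=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
"3393:TCP"= 3393:TCP:RD-Rick
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-01-30 643072]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-09-01 15544]
"""

# "\s*" before the closing quote absorbs the space forum software inserts when the log is posted.
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)\s*"=\s*\d+:(?:TCP|UDP):(.*)$')
APP_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# ComboFix driver/service line: "<start type> <name>;<display name>;<image path> [<date size>]"
SVC_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.+?)(?:\s+\[([^\]]*)\])?$')
# A scope restriction looks like "169.254.2.0/255.255.255.0"; its absence means every address.
SUBNET_RE = re.compile(r'\d{1,3}(?:\.\d{1,3}){3}/\d{1,3}(?:\.\d{1,3}){3}')

# Assumed reference data for this example: well-known roles of two ports, and executable
# names of peer-to-peer clients that commonly turn up in firewall exception lists.
PORT_ROLE = {135: "RPC endpoint mapper (DCOM)", 3389: "Remote Desktop"}
P2P_EXES = {"bearshare.exe", "mlnet.exe", "xoloxexe.exe", "utorrent.exe", "limewire.exe"}


@dataclass(frozen=True)
class Finding:
    kind: str      # "open_port", "p2p_exception" or "service_missing_file"
    subject: str   # port/proto, executable path, or service name
    note: str


def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix log and return firewall and service entries that deserve a closer look."""
    findings: list[Finding] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy"):
            section = "ports" if "GloballyOpenPorts" in line else "apps"
            continue
        if line == "." or not line:          # ComboFix separates sections with a lone "."
            section = None
            continue
        if section == "ports" and (m := PORT_RE.match(line)):
            port, proto, rest = int(m.group(1)), m.group(2), m.group(3)
            if not SUBNET_RE.search(rest):   # no subnet scope: reachable from any address
                role = PORT_ROLE.get(port, f"label '{rest}'")
                findings.append(Finding("open_port", f"{port}/{proto}", f"open to all addresses: {role}"))
        elif section == "apps" and (m := APP_RE.match(line)):
            # Registry export doubles the backslashes; collapse them before taking the file name.
            path, rest = m.group(1).strip().replace("\\\\", "\\"), m.group(2)
            exe = path.rsplit("\\", 1)[-1].lower()
            if exe in P2P_EXES and not SUBNET_RE.search(rest):
                findings.append(Finding("p2p_exception", path, "peer-to-peer client allowed without scope"))
        elif m := SVC_RE.match(line):
            start, name, path, info = m.group(1), m.group(2), m.group(4), m.group(5)
            if info == "?" or "-->" in path:  # ComboFix marks a missing image with "[?]"
                findings.append(Finding("service_missing_file", name, f"{start} entry whose image file is missing"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.subject:48} {f.note}")
```

Run against the sample it reports the three unscoped ports, the two peer-to-peer exceptions and the Lbd driver entry, and says nothing about the ActiveSync entries because they are scoped to 169.254.2.0/24 and nothing about sptd.sys or psi_mf.sys because their image files were found. A missing service image such as Lbd.sys is usually a leftover of an uninstalled product rather than malware, but it is a fix a helper would normally queue for the cleanup script.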
     