Restricted! Unable to install/uninstall, copy/paste or download anything

[toots]

I tried to uninstall Malwarebytes to install the latest version but my pc freezes at the beginning of uninstall program manager.

Malwarebytes runs but doesn't find anything. (Possibly not the latest version)

I was able to run TDS Skiller, it found 6 unsigned, suspicious items but I could not copy the report content, I can highlight the text but no window opens when I right click my mouse to copy. The 6 files were: AFS, JL2005C, KR10I, KR10N, KR3NPXP and SQTECH913D if that helps.

None of my programs will save a file using save or save as.

When I put a disk in the DVD drive it just spins but never opens or shows contents of the disk.

I am not highly skilled with computers and am in need of much assistance I'm afraid. Please help me - I need my pc in proper functioning order as it is my source of income. Thanks.

[Elise]

Hello, lets start with a general scan here.

In order to copy/paste a log, highlight the text, then either right click > Copy or press CTRL + C to copy the text (note, nothing will open when you do so).

Next, right click in the reply box and select Paste or press CTRL + V in order to paste the copied text. Do so for both generated logs.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
    

  [*]Double click on the DDS icon, allow it to run.

  [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

  [*]Notepad will open with the results.

  [*]Follow the instructions that pop up for posting the results.

  [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

[toots]

Thanks for the reply; unfortunately, I am unable to download DDS from the link you provided me. I don't believe I am able to download much of anything from what I am experiencing.

When I click the link a tab opens up titled as "Untitled" and the URL says "about: blank".

When I right click the link and select to open in a new tab or window or any available selection following right clicking the mouse over the link the same thing occurs, Untitled tab heading with about: blank in the URL.

Would the fact that I am using Chrome have any thing to do with the link not opening? I thought I'd try to open the link with a different browser, but I can't seem to locate internet explorer anywhere on my pc!

I am unsure as to how you would like me to proceed at this point.

[toots]

Yeah! I hope I did this as you instructed: I disconnected from the internet, then disabled my anti-virus software, then ran DDS from where ever it was located on my computer. When I downloaded it I was not given an option to save it to my desktop.

Here's what I got:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_11

Run by Magic at 10:13:34 on 2012-02-04

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1203 [GMT -8:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\SYSTEM32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Protector Suite QL\upeksvr.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\locator.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\SYSTEM32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\SYSTEM32\Taskmgr.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.toshibadirect.com/dpdstart

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

uRun: [EPSON NX125 NX127 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigga.exe /fu "c:\windows\temp\E_SC6CB.tmp" /EF "HKCU"

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"

uPolicies-explorer: NoPrintSharing = 1 (0x1)

uPolicies-explorer: NoFileSharing = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{61A1BCD9-B9C3-4C0A-8420-07038B7916FB} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BD64F310-0227-4911-AF9E-3A1684376982} : DhcpNameServer = 192.168.2.1

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\magic\appdata\roaming\mozilla\firefox\profiles\tlmwhfb0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.justice.gov/eoir/vll/benchbook/templates/benchbook%20cancellation%20240A(a)%20template%201%20upload%201-30-08.htm

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll

FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\3\NP_wtapp.dll

FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2011-11-1 20392]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl308ebcf2;MpKsl308ebcf2;c:\programdata\microsoft\microsoft antimalware\definition updates\{e4055ce6-4f8e-4c06-94fd-7153f9799e0f}\MpKsl308ebcf2.sys [2012-2-3 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 67656]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-11-1 711352]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-11-1 711352]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-15 20464]

R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-15 652360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-11 136176]

S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-11 136176]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 12872]

S3 SQTECH913D;Photo Frame;c:\windows\system32\drivers\Capt8080.sys [2008-5-7 16640]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2007-8-8 77004]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2008-12-20 77312]

SUnknown mbamchameleon;mbamchameleon; [x]

.

=============== File Associations ===============

.

cmdfile=NOTEPAD.EXE %1

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-02-04 14:06:50 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2012-02-04 14:06:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2012-02-04 14:06:49 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2012-02-04 14:06:49 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2012-02-04 14:06:49 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2012-02-04 14:06:49 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2012-02-04 14:06:48 818136 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2012-02-04 14:06:48 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2012-02-04 14:06:48 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-02-04 14:06:48 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-02-04 14:06:48 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-02-04 14:06:48 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2012-02-03 19:48:38 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e4055ce6-4f8e-4c06-94fd-7153f9799e0f}\MpKsl308ebcf2.sys

2012-02-03 19:48:33 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e4055ce6-4f8e-4c06-94fd-7153f9799e0f}\offreg.dll

2012-02-03 19:42:18 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e4055ce6-4f8e-4c06-94fd-7153f9799e0f}\mpengine.dll

2012-02-02 23:44:26 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2012-02-02 23:43:51 56200 ----a-w- c:\windows\system32\offreg.dll

2012-02-01 03:50:26 -------- d-----w- C:\2nd Story Software

2012-01-18 08:13:11 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-18 08:13:11 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-18 08:13:10 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-18 08:13:09 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-18 08:13:08 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-18 08:13:08 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-16 08:27:06 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-01-11 20:10:05 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 20:09:58 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-11 20:09:58 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-11 20:09:55 66560 ----a-w- c:\windows\system32\packager.dll

2012-01-11 20:09:27 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-11 20:09:25 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-01-11 20:07:37 497152 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 20:07:37 1314816 ----a-w- c:\windows\system32\quartz.dll

.

==================== Find3M ====================

.

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 19:51:24 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-01-06 19:51:16 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-12-15 14:18:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll

.

============= FINISH: 10:14:36.20 ===============

and this log too:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/13/2007 9:30:02 AM

System Uptime: 2/3/2012 2:09:32 PM (20 hours ago)

.

Motherboard: TOSHIBA | | IALAA

Processor: AMD Turion 64 X2 Mobile Technology TL-58 | Socket M2/S1G1 | 1900/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 148 GiB total, 74.984 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1984: 1/26/2012 3:38:16 AM - Windows Update

RP1985: 1/27/2012 3:00:12 AM - Windows Update

RP1986: 1/27/2012 3:38:12 AM - Windows Update

RP1987: 1/28/2012 3:00:34 AM - Windows Update

RP1988: 1/28/2012 7:19:52 AM - Windows Update

RP1989: 1/29/2012 3:00:32 AM - Windows Update

RP1990: 1/29/2012 12:45:30 PM - Windows Update

RP1991: 1/30/2012 3:00:14 AM - Windows Update

RP1992: 1/31/2012 3:00:41 AM - Windows Update

RP1993: 1/31/2012 12:15:40 PM - Windows Update

RP1994: 1/31/2012 6:43:36 PM - Windows Update

RP1995: 2/1/2012 3:00:42 AM - Windows Update

RP1996: 2/1/2012 12:31:12 PM - Windows Update

RP1997: 2/2/2012 3:00:38 AM - Windows Update

RP1998: 2/2/2012 3:02:21 AM - Scheduled Checkpoint

RP1999: 2/2/2012 3:59:10 PM - Windows Update

RP2000: 2/3/2012 3:00:34 AM - Windows Update

RP2001: 2/3/2012 10:14:08 AM - Windows Update

RP2002: 2/3/2012 11:40:51 AM - Windows Update

RP2003: 2/4/2012 3:00:15 AM - Windows Update

RP2004: 2/4/2012 6:03:44 AM - Removed Java 6 Update 7

RP2005: 2/4/2012 6:05:08 AM - Removed Java 6 Update 7

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

a-squared HiJackFree 3.1

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

Adobe Shockwave Player 11

ALPS Touch Pad Driver

American Greetings® Print! Premium 2

Apple Software Update

ArcSoft PhotoImpression 4

Atheros Driver Installation Program

ATI Catalyst Install Manager

ATI Uninstaller

Bluetooth Stack for Windows by Toshiba

CA Yahoo! Anti-Spy (remove only)

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Norwegian

ccc-core-static

ccc-utility

CCC Help Chinese Traditional

CD/DVD Drive Acoustic Silencer

CleanUp!

DVD MovieFactory for TOSHIBA

E-Z Audit Version 10

Epson CreativeZone

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Event Manager

EPSON NX125 NX127 Series Printer Uninstall

EPSON Printer Software

EPSON Scan

GearDrvs

Google Chrome

Google Desktop

Google Toolbar for Internet Explorer

Google Update Helper

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Photo and Imaging 2.0 - All-in-One

HP Photo and Imaging 2.0 - All-in-One Drivers

HP Print Diagnostic Utility

Ink Monitor

Internet Offers

iolo technologies' System Mechanic

Java 6 Update 11

Java 6 Update 7

Java SE Runtime Environment 6

LTCM Client

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft IntelliPoint 6.3

Microsoft IntelliType Pro 6.3

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote 2003

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Edition 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Web Publishing Wizard 1.52

Microsoft Works

Microsoft XML Parser

Mozilla Firefox 10.0 (x86 en-US)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OGA Notifier 2.0.0048.0

oggcodecs 0.71.0946

PC Pitstop Exterminate2 2.0

Photo Organizer

PhotoFrame

Picasa 3

PowerDesk 6

Protector Suite QL 5.6

QuickTime

Realtek High Definition Audio Driver

RunAlyzer

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Skins

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

TaxACT 2001

TaxACT 2002

TaxACT 2003

TaxACT 2005 Preparer's - 1040 Edition

TaxACT 2006 Preparer's - 1040 Edition

TaxACT 2007 Preparer's - 1040 Edition

TaxACT 2011 Preparer's - 1040 Edition

Texas Instruments PCIxx21/x515/xx12 drivers.

The Print Shop

TIPCI

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

Toshiba Registration

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Uninstall Dual Mode Camera

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Live OneCare safety scanner

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

WOT for Internet Explorer

Yahoo! Browser Services

Yahoo! Messenger

Yahoo! Music Jukebox

Yahoo! Search Protection

.

==== Event Viewer Messages From Past Week ========

.

2/3/2012 11:25:55 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1057] - The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Key not valid for use in specified state. .

2/3/2012 11:25:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

2/3/2012 11:25:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

2/3/2012 11:25:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 iaStorV intelppm

2/3/2012 11:25:49 AM, Error: Service Control Manager [7023] - The Windows Process Activation Service service terminated with the following error: The request is not supported.

2/3/2012 11:25:49 AM, Error: Service Control Manager [7001] - The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error: The request is not supported.

2/3/2012 11:25:49 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/3/2012 11:25:49 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/3/2012 11:25:49 AM, Error: Service Control Manager [7000] - The High-Capacity Floppy Disk Drive service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/3/2012 11:25:47 AM, Error: Microsoft-Windows-WAS [5172] - The Windows Process Activation Service encountered an error trying to read configuration data from file '\\?\C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config', line number '146'. The error message is: 'The configuration section 'system.serviceModel' cannot be read because it is missing a section declaration '. The data field contains the error number.

2/3/2012 11:25:47 AM, Error: Microsoft-Windows-WAS [5036] - The configuration manager for Windows Process Activation Service (WAS) did not initialize. The data field contains the error number.

2/3/2012 11:25:47 AM, Error: Microsoft-Windows-WAS [5005] - Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.

2/3/2012 11:25:44 AM, Error: Microsoft-Windows-IIS-APPHOSTSVC [9006] - The Application Host Helper Service encountered an error trying to process the configuration data for config history. The feature will be disabled. To resolve this issue, please confirm that the configuration file is correct, has correct attribute values for config history and recommit the changes. The feature will be enabled again if the configuration is correct. The data field contains the error number.

2/3/2012 11:25:44 AM, Error: Microsoft-Windows-IIS-APPHOSTSVC [9000] - The Application Host Helper Service encountered an error while reading the data for SID mapping. Please ensure that the application pool name data is correct in the configuration file. To resolve this issue, please recommit the changes or restart this service. The data field contains the error number.

2/2/2012 7:14:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

2/1/2012 11:53:00 AM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

1/31/2012 6:58:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

1/31/2012 6:58:45 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/31/2012 6:58:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/31/2012 3:10:25 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.905.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/30/2012 5:23:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.905.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

.

==== End Of File ===========================

[Elise]

Hello again, can you post me also the TDSSkiller log showing the suspicious items?

COMBOFIX

---------------

Please download ComboFix from one of these locations:

• 
  

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

[toots]

Ok, here is the Combo Fix log:

ComboFix 12-02-05.01 - Magic 02/04/2012 14:03:32.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.787 [GMT -8:00]

Running from: c:\users\Magic\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Images

c:\images\Flyer\Tax Flyer.jpg

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\Guest Account\GoToAssistStarter.exe

c:\users\Magic\GoToAssistDownloadHelper.exe

c:\windows\system32\service

c:\windows\system32\service\28122008_TIS17_SfFniAU.log

.

.

((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))

.

.

2012-02-04 22:18 . 2012-02-04 22:18 -------- d-----w- c:\users\User\AppData\Local\temp

2012-02-04 22:17 . 2012-02-04 22:17 -------- d-----w- c:\users\Second Administrator\AppData\Local\temp

2012-02-04 22:17 . 2012-02-04 22:17 -------- d-----w- c:\users\Guest Account\AppData\Local\temp

2012-02-04 22:17 . 2012-02-04 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-04 22:17 . 2012-02-04 22:17 -------- d-----w- c:\users\Administrator.Magic-PC\AppData\Local\temp

2012-02-04 18:25 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D8C7C42-0C35-4C9D-9A0A-2BD637F80648}\mpengine.dll

2012-02-04 14:06 . 2012-02-04 14:06 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2012-02-04 14:06 . 2012-02-04 14:06 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-02-04 14:06 . 2012-02-04 14:06 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2012-02-04 14:06 . 2012-02-04 14:06 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2012-02-04 14:06 . 2012-02-04 14:06 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2012-02-04 14:06 . 2012-02-04 14:06 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2012-02-04 14:06 . 2012-02-04 14:06 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2012-02-04 14:06 . 2012-02-04 14:06 818136 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2012-02-04 14:06 . 2012-02-04 14:06 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-02-04 14:06 . 2012-02-04 14:06 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-02-04 14:06 . 2012-02-04 14:06 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-02-04 14:06 . 2012-02-04 14:06 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-02-02 23:44 . 2012-01-06 19:29 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2012-02-02 23:43 . 2010-02-09 05:59 56200 ----a-w- c:\windows\system32\offreg.dll

2012-02-01 03:50 . 2012-02-01 03:50 -------- d-----w- C:\2nd Story Software

2012-01-18 08:13 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-18 08:13 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-18 08:13 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-18 08:13 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-18 08:13 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-18 08:13 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-16 08:27 . 2012-02-03 03:28 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-01-11 20:10 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 20:09 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-11 20:09 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-11 20:09 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll

2012-01-11 20:09 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-11 20:09 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-01-11 20:07 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 20:07 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-31 12:44 . 2009-10-05 02:58 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 19:51 . 2011-11-02 00:49 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-01-06 19:51 . 2011-11-02 00:49 11776 ----a-w- c:\windows\system32\smrgdf.exe

2012-01-06 04:19 . 2011-05-23 03:35 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-15 14:18 . 2011-07-29 01:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-10 23:24 . 2011-12-15 18:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:37 . 2011-12-14 19:29 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-08 14:42 . 2011-12-14 19:29 2048 ----a-w- c:\windows\system32\tzres.dll

2012-02-04 14:06 . 2012-02-04 14:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2008-06-30 21:44 . 2009-01-24 00:22 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

2006-12-03 23:58 . 2008-07-03 17:45 864768 ----a-w- c:\program files\mozilla firefox\components\pbgk1_8.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-01 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2012-01-06 606904]

.

c:\users\Second Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoPrintSharing"= 1 (0x1)

"NoFileSharing"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2012-02-01 19:52 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-01-24 04:17 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-02-01 19:52 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

"ehTray.exe"=c:\windows\ehome\ehTray.exe

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

"Apoint"=c:\program files\Apoint2K\Apoint.exe

"MSConfig"="c:\windows\system32\msconfig.exe" /auto

"Skytel"=Skytel.exe

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1680686838-448954657-3673838185-1000]

"EnableNotificationsRef"=dword:00000004

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1680686838-448954657-3673838185-1002]

"EnableNotificationsRef"=dword:00000001

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 86980793

*NewlyCreated* - MPKSL308EBCF2

*Deregistered* - 86980793

*Deregistered* - MpKsl308ebcf2

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 19:59]

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 19:59]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.toshibadirect.com/dpdstart

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Magic\AppData\Roaming\Mozilla\Firefox\Profiles\tlmwhfb0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.justice.gov/eoir/vll/benchbook/templates/benchbook%20cancellation%20240A(a)%20template%201%20upload%201-30-08.htm

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: network.proxy.type - 4

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-04 14:18

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="YMP.Media"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-02-04 14:22:37

ComboFix-quarantined-files.txt 2012-02-04 22:22

ComboFix2.txt 2008-06-30 17:25

.

Pre-Run: 80,476,753,920 bytes free

Post-Run: 82,670,198,784 bytes free

.

- - End Of File - - 2903189593A300CB585B50B055989BD4

The TDS Skiller wouldn't let me copy the text in the report. Should I try to run it again or not? I did list in my first post the 6 files it identified as suspicious as they were unsigned driver files I believe.

[Elise]

Yes, please rerun TDSSkiller again and try to post the complete log.

How are things running at this point?

[toots]

I reran the TDS Skiller and again I was not able to copy and paste the report. When I highlight the text and then right click the mouse no window pops open with options to copy the highlighted text. The program did not find anything this run though. Is there another way I can get the report to copy?

My computer is still slow, when I place my mouse over the list of programs a blank box/window appears and only after 20 or 30 seconds does the box/window actually fill in with the programs list.

Also, I just updated a program and during the updating process the window around the outside said it was (Not Responding) yet I believe it did completely update anyways.

And my computer is still not saving any files to the computer or within a program. This is the same original problem that existed when we began days ago.

What do you suggest now?

[Elise]

I would like to do an additional rootkit scan here. This may be a bit more complicated, but will give us a more reliable result. If you have any question about the steps that follow, just let me know!

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

• Run GETxPUD.exe
  
• A new folder will appear on the desktop.
  
• Open the GETxPUD folder and click on the get&burn.bat
  
• The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  
• Click on Start and follow the prompts to burn the image to a CD.
  
• Remove the USB & CD and insert it in the sick computer
  
• Boot the Sick computer with the CD you just burned
  
• The computer must be set to boot from the CD
  
• Gently tap F12 and choose to boot from the CD
  
• Follow the prompts
  
• A Welcome to xPUD screen will appear
  
• Press File
  
• Expand mnt
  
• sda1,2...usually corresponds to your HDD
  
• sdb1 is likely your USB
  
• Click on the folder that represents your USB drive (sdb1 ?)
  
• Press Tool at the top
  
• Choose Open Terminal
  
• Type the following and press enter:
  dd if=/dev/sda of=mbr.bin bs=512 count=1
  
• Press Enter
  
• After it has finished a file will be located on your USB drive named mbr.bin
  
• Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
  

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

[toots]

I only have this one computer available to me. I do not have another clean computer. What else?

[Elise]

As long as you can download using this computer, you can create it on this one.

[toots]

Ok, I tried to follow your instructions but I ran into a problem. Your instructions say to do the following:

Download GETxPUD.exe to the desktop of your clean computer - I explained I didn't have a clean computer and you said use the dirty one

When I download I am not given a choice as to where to download to. The files automatically download to a download folder and it is not on my desktop. So I move the files to my desktop - hope that works ok.

next instruction:

Open the GETxPUD folder and click on the get&burn.bat - I did as instructed

next instruction:

The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image - I did as instructed

next instruction:

Click on Start and foloow the prompts to burn the image to a CD - I did as instructed

next instruction:

Remove the USB & CD and insert it in the sick computer - Problem! Remove the USB? What USB?

Please explain your instruction as I do not understand where to remove what USB.

[Elise]

You can leave the CD in the computer and plug in also an USB drive (we need this to save a file to, it doesn't matter what is on it, as long as it has some free space left on it).

[toots]

OK, I burned the image to a CD, rebooted, tapped F12 and the screen that came up showed various options to boot from. It appeared that my computer was already set to boot from CD first, I believe I remember making this setting selection when I first bought the PC. At the bottom of the screen was the selection button to continue and after I clicked to continue I was asked for the bios password . . . which of course I do not remember, I proceeded with the instructions believing the PC is already set to boot from CD first and placed the CD in the drive and escaped from bios to continue the reboot. The disk drive lit up and spun the disk but nothing happened, the PC booted up as normal. The welcome to xPUD screen did not appear. I'm going to try again, just to be sure I did everything correctly and I'll post the results then. I figured I'd better let you know what was going on in case you were going to close the thread for lack of response. Thanks.

[Elise]

Thank you for letting me know! For the record, a BIOS password can be reset by removing the CMOS battery on the motherboard for a few seconds.

[toots]

OK, I'll remove the battery and let you know what happens from there.

I was able to obtain the TDSSKiller file so hopfully it attaches to this post. No good, when I select Chose File at the bottom of this page, nothing happens. I have the file on a usb any suggestions on how I can get it to you?

[Elise]

You can just copy/paste its contents here.

[toots]

I accessed the file through a command prompt window and cannot copy/paste. The program detected 6 unsigned driver files specifically one within C:\Windows\Drivers\Capt8080.sys SQTECH913D < UnsignedFile.Multi.Generic > warning detected (1)

The last few lines of the scan are as follows:

00:32:10. 0110 5384 Scan Finished

00:32:10. 0110 5384

00:32:10.0126 5376 Detected Object Count 6

00:32:10. 0126 5376 Actual Detected Object Count 6

00:42:34.0861 5376 AFS < UnsignedFile.Multi.Generic > - Skipped by User

00:42:34.0861 5376 AFS < UnsignedFile.Multi.Generic > - User Select Action: Skip

00:42:34.0861 5376 JL2005C < UnsignedFile.Multi.Generic > -Skipped by User

Does this help any?

[toots]

Duh, I got it now! Sorry!

23:25:47.0990 3032 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

23:25:48.0426 3032 ============================================================

23:25:48.0426 3032 Current date / time: 2012/02/03 23:25:48.0426

23:25:48.0426 3032 SystemInfo:

23:25:48.0426 3032

23:25:48.0426 3032 OS Version: 6.0.6002 ServicePack: 2.0

23:25:48.0426 3032 Product type: Workstation

23:25:48.0426 3032 ComputerName: MAGIC-PC

23:25:48.0426 3032 UserName: Magic

23:25:48.0426 3032 Windows directory: C:\Windows

23:25:48.0426 3032 System windows directory: C:\Windows

23:25:48.0426 3032 Processor architecture: Intel x86

23:25:48.0426 3032 Number of processors: 2

23:25:48.0426 3032 Page size: 0x1000

23:25:48.0426 3032 Boot type: Normal boot

23:25:48.0426 3032 ============================================================

23:25:51.0406 3032 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

23:25:51.0468 3032 Drive \Device\Harddisk1\DR1 - Size: 0x1EA00000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

23:25:51.0468 3032 \Device\Harddisk0\DR0:

23:25:51.0484 3032 MBR used

23:25:51.0484 3032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1272B000

23:25:51.0484 3032 \Device\Harddisk1\DR1:

23:25:51.0484 3032 MBR used

23:25:51.0484 3032 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0xF4FE0

23:25:51.0515 3032 Initialize success

23:25:51.0515 3032 ============================================================

23:25:57.0568 2976 ============================================================

23:25:57.0568 2976 Scan started

23:25:57.0568 2976 Mode: Manual;

23:25:57.0568 2976 ============================================================

23:25:58.0457 2976 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

23:25:58.0457 2976 ACPI - ok

23:25:58.0598 2976 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

23:25:58.0598 2976 adp94xx - ok

23:25:58.0738 2976 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

23:25:58.0754 2976 adpahci - ok

23:25:58.0832 2976 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

23:25:58.0832 2976 adpu160m - ok

23:25:58.0910 2976 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

23:25:58.0941 2976 adpu320 - ok

23:25:59.0019 2976 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

23:25:59.0019 2976 AFD - ok

23:25:59.0159 2976 AFS (be913403ed7219894b30e362fd8d4313) C:\Windows\system32\drivers\AFS.sys

23:25:59.0159 2976 AFS - ok

23:25:59.0268 2976 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

23:25:59.0300 2976 AgereSoftModem - ok

23:25:59.0393 2976 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

23:25:59.0393 2976 agp440 - ok

23:25:59.0440 2976 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

23:25:59.0440 2976 aic78xx - ok

23:25:59.0471 2976 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

23:25:59.0471 2976 aliide - ok

23:25:59.0518 2976 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

23:25:59.0518 2976 amdagp - ok

23:25:59.0643 2976 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

23:25:59.0658 2976 amdide - ok

23:25:59.0690 2976 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

23:25:59.0690 2976 AmdK7 - ok

23:25:59.0721 2976 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

23:25:59.0721 2976 AmdK8 - ok

23:25:59.0768 2976 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys

23:25:59.0768 2976 ApfiltrService - ok

23:25:59.0908 2976 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

23:25:59.0908 2976 arc - ok

23:25:59.0939 2976 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

23:25:59.0939 2976 arcsas - ok

23:25:59.0986 2976 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

23:25:59.0986 2976 AsyncMac - ok

23:26:00.0111 2976 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

23:26:00.0111 2976 atapi - ok

23:26:00.0220 2976 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys

23:26:00.0236 2976 athr - ok

23:26:00.0501 2976 atikmdag (462a206dda06fb77af792a009375c899) C:\Windows\system32\DRIVERS\atikmdag.sys

23:26:00.0579 2976 atikmdag - ok

23:26:00.0688 2976 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

23:26:00.0688 2976 Beep - ok

23:26:00.0735 2976 blbdrive - ok

23:26:00.0782 2976 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

23:26:00.0782 2976 bowser - ok

23:26:00.0828 2976 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

23:26:00.0828 2976 BrFiltLo - ok

23:26:01.0000 2976 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

23:26:01.0000 2976 BrFiltUp - ok

23:26:01.0031 2976 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

23:26:01.0031 2976 Brserid - ok

23:26:01.0062 2976 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

23:26:01.0062 2976 BrSerWdm - ok

23:26:01.0094 2976 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

23:26:01.0094 2976 BrUsbMdm - ok

23:26:01.0125 2976 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

23:26:01.0125 2976 BrUsbSer - ok

23:26:01.0234 2976 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

23:26:01.0234 2976 BTHMODEM - ok

23:26:01.0281 2976 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

23:26:01.0281 2976 cdfs - ok

23:26:01.0328 2976 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

23:26:01.0328 2976 cdrom - ok

23:26:01.0421 2976 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

23:26:01.0421 2976 circlass - ok

23:26:01.0484 2976 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

23:26:01.0484 2976 CLFS - ok

23:26:01.0562 2976 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

23:26:01.0562 2976 CmBatt - ok

23:26:01.0655 2976 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

23:26:01.0655 2976 cmdide - ok

23:26:01.0718 2976 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

23:26:01.0718 2976 Compbatt - ok

23:26:01.0749 2976 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

23:26:01.0749 2976 crcdisk - ok

23:26:01.0796 2976 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

23:26:01.0796 2976 Crusoe - ok

23:26:01.0905 2976 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

23:26:01.0905 2976 DfsC - ok

23:26:01.0967 2976 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

23:26:01.0967 2976 disk - ok

23:26:02.0030 2976 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

23:26:02.0045 2976 drmkaud - ok

23:26:02.0466 2976 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

23:26:02.0466 2976 DXGKrnl - ok

23:26:02.0591 2976 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

23:26:02.0591 2976 E1G60 - ok

23:26:02.0685 2976 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

23:26:02.0685 2976 Ecache - ok

23:26:02.0763 2976 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\ElRawDsk.sys

23:26:02.0763 2976 ElRawDisk - ok

23:26:02.0810 2976 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

23:26:02.0825 2976 elxstor - ok

23:26:02.0934 2976 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

23:26:02.0934 2976 exfat - ok

23:26:02.0997 2976 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

23:26:03.0012 2976 fastfat - ok

23:26:03.0044 2976 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

23:26:03.0044 2976 fdc - ok

23:26:03.0153 2976 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

23:26:03.0153 2976 FileInfo - ok

23:26:03.0215 2976 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

23:26:03.0215 2976 Filetrace - ok

23:26:03.0262 2976 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

23:26:03.0262 2976 flpydisk - ok

23:26:03.0371 2976 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

23:26:03.0371 2976 FltMgr - ok

23:26:03.0434 2976 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

23:26:03.0434 2976 Fs_Rec - ok

23:26:03.0465 2976 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

23:26:03.0480 2976 gagp30kx - ok

23:26:03.0558 2976 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\Drivers\GEARAspiWDM.sys

23:26:03.0574 2976 GEARAspiWDM - ok

23:26:03.0668 2976 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

23:26:03.0668 2976 HdAudAddService - ok

23:26:03.0808 2976 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:26:03.0824 2976 HDAudBus - ok

23:26:03.0917 2976 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

23:26:03.0917 2976 HidBth - ok

23:26:03.0948 2976 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

23:26:03.0948 2976 HidIr - ok

23:26:04.0011 2976 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

23:26:04.0011 2976 HidUsb - ok

23:26:04.0042 2976 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

23:26:04.0042 2976 HpCISSs - ok

23:26:04.0167 2976 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

23:26:04.0198 2976 HTTP - ok

23:26:04.0307 2976 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

23:26:04.0307 2976 i2omp - ok

23:26:04.0354 2976 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

23:26:04.0354 2976 i8042prt - ok

23:26:04.0401 2976 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

23:26:04.0401 2976 iaStorV - ok

23:26:04.0510 2976 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

23:26:04.0510 2976 iirsp - ok

23:26:04.0604 2976 IntcAzAudAddService (b84732d9f8459abf6323d28a3270dc19) C:\Windows\system32\drivers\RTKVHDA.sys

23:26:04.0635 2976 IntcAzAudAddService - ok

23:26:04.0744 2976 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

23:26:04.0744 2976 intelide - ok

23:26:04.0775 2976 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

23:26:04.0775 2976 intelppm - ok

23:26:04.0838 2976 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:26:04.0838 2976 IpFilterDriver - ok

23:26:04.0947 2976 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

23:26:04.0947 2976 IPMIDRV - ok

23:26:04.0994 2976 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

23:26:04.0994 2976 IPNAT - ok

23:26:05.0040 2976 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

23:26:05.0040 2976 IRENUM - ok

23:26:05.0087 2976 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

23:26:05.0087 2976 isapnp - ok

23:26:05.0196 2976 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

23:26:05.0196 2976 iScsiPrt - ok

23:26:05.0243 2976 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

23:26:05.0243 2976 iteatapi - ok

23:26:05.0274 2976 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

23:26:05.0274 2976 iteraid - ok

23:26:05.0306 2976 JL2005C (03ca5f0eb17c33d79ef90c4cc21e80db) C:\Windows\system32\Drivers\jl2005c.sys

23:26:05.0321 2976 JL2005C - ok

23:26:05.0430 2976 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

23:26:05.0430 2976 kbdclass - ok

23:26:05.0446 2976 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

23:26:05.0462 2976 kbdhid - ok

23:26:05.0508 2976 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys

23:26:05.0508 2976 KR10I - ok

23:26:05.0555 2976 KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys

23:26:05.0555 2976 KR10N - ok

23:26:05.0664 2976 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys

23:26:05.0680 2976 KR3NPXP - ok

23:26:05.0820 2976 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

23:26:05.0820 2976 KSecDD - ok

23:26:05.0914 2976 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

23:26:05.0930 2976 lltdio - ok

23:26:06.0023 2976 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys

23:26:06.0023 2976 LPCFilter - ok

23:26:06.0070 2976 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

23:26:06.0070 2976 LSI_FC - ok

23:26:06.0117 2976 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

23:26:06.0117 2976 LSI_SAS - ok

23:26:06.0132 2976 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

23:26:06.0148 2976 LSI_SCSI - ok

23:26:06.0226 2976 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

23:26:06.0226 2976 luafv - ok

23:26:06.0288 2976 mbamchameleon (96c57f15a2b2015aa88d62a3e9daebc8) C:\Windows\system32\drivers\mbamchameleon.sys

23:26:06.0288 2976 mbamchameleon - ok

23:26:06.0335 2976 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

23:26:06.0335 2976 MBAMProtector - ok

23:26:06.0429 2976 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

23:26:06.0429 2976 megasas - ok

23:26:06.0507 2976 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

23:26:06.0507 2976 Modem - ok

23:26:06.0538 2976 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

23:26:06.0538 2976 monitor - ok

23:26:06.0585 2976 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

23:26:06.0585 2976 mouclass - ok

23:26:06.0678 2976 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

23:26:06.0678 2976 mouhid - ok

23:26:06.0725 2976 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

23:26:06.0741 2976 MountMgr - ok

23:26:06.0772 2976 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

23:26:06.0772 2976 MpFilter - ok

23:26:06.0866 2976 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

23:26:06.0866 2976 mpio - ok

23:26:07.0006 2976 MpKsl308ebcf2 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4055CE6-4F8E-4C06-94FD-7153F9799E0F}\MpKsl308ebcf2.sys

23:26:07.0022 2976 MpKsl308ebcf2 - ok

23:26:07.0115 2976 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

23:26:07.0115 2976 MpNWMon - ok

23:26:07.0162 2976 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

23:26:07.0162 2976 mpsdrv - ok

23:26:07.0209 2976 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

23:26:07.0209 2976 Mraid35x - ok

23:26:07.0256 2976 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

23:26:07.0271 2976 MRxDAV - ok

23:26:07.0380 2976 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:26:07.0380 2976 mrxsmb - ok

23:26:07.0443 2976 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:26:07.0443 2976 mrxsmb10 - ok

23:26:07.0474 2976 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:26:07.0474 2976 mrxsmb20 - ok

23:26:07.0521 2976 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

23:26:07.0521 2976 msahci - ok

23:26:07.0630 2976 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

23:26:07.0630 2976 msdsm - ok

23:26:07.0692 2976 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

23:26:07.0692 2976 Msfs - ok

23:26:07.0739 2976 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

23:26:07.0739 2976 msisadrv - ok

23:26:07.0848 2976 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

23:26:07.0848 2976 MSKSSRV - ok

23:26:07.0880 2976 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

23:26:07.0880 2976 MSPCLOCK - ok

23:26:07.0926 2976 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

23:26:07.0926 2976 MSPQM - ok

23:26:07.0958 2976 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

23:26:07.0958 2976 MsRPC - ok

23:26:08.0067 2976 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

23:26:08.0082 2976 mssmbios - ok

23:26:08.0114 2976 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

23:26:08.0114 2976 MSTEE - ok

23:26:08.0176 2976 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

23:26:08.0176 2976 Mup - ok

23:26:08.0285 2976 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

23:26:08.0301 2976 NativeWifiP - ok

23:26:08.0363 2976 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

23:26:08.0363 2976 NDIS - ok

23:26:08.0457 2976 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

23:26:08.0457 2976 NdisTapi - ok

23:26:08.0519 2976 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

23:26:08.0519 2976 Ndisuio - ok

23:26:08.0550 2976 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

23:26:08.0550 2976 NdisWan - ok

23:26:08.0597 2976 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

23:26:08.0613 2976 NDProxy - ok

23:26:08.0722 2976 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

23:26:08.0722 2976 NetBIOS - ok

23:26:08.0769 2976 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

23:26:08.0769 2976 netbt - ok

23:26:08.0831 2976 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

23:26:08.0831 2976 nfrd960 - ok

23:26:08.0878 2976 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

23:26:08.0878 2976 NisDrv - ok

23:26:09.0018 2976 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

23:26:09.0018 2976 Npfs - ok

23:26:09.0065 2976 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

23:26:09.0065 2976 nsiproxy - ok

23:26:09.0143 2976 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

23:26:09.0159 2976 Ntfs - ok

23:26:09.0268 2976 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

23:26:09.0268 2976 ntrigdigi - ok

23:26:09.0299 2976 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys

23:26:09.0299 2976 NuidFltr - ok

23:26:09.0330 2976 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

23:26:09.0330 2976 Null - ok

23:26:09.0362 2976 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

23:26:09.0362 2976 nvraid - ok

23:26:09.0471 2976 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

23:26:09.0471 2976 nvstor - ok

23:26:09.0502 2976 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

23:26:09.0518 2976 nv_agp - ok

23:26:09.0564 2976 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

23:26:09.0564 2976 ohci1394 - ok

23:26:09.0611 2976 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

23:26:09.0611 2976 Parport - ok

23:26:09.0720 2976 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

23:26:09.0720 2976 partmgr - ok

23:26:09.0767 2976 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

23:26:09.0767 2976 Parvdm - ok

23:26:09.0830 2976 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

23:26:09.0830 2976 pci - ok

23:26:09.0923 2976 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

23:26:09.0923 2976 pciide - ok

23:26:09.0986 2976 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys

23:26:10.0001 2976 pcmcia - ok

23:26:10.0064 2976 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

23:26:10.0079 2976 PEAUTH - ok

23:26:10.0235 2976 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys

23:26:10.0235 2976 Point32 - ok

23:26:10.0266 2976 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

23:26:10.0266 2976 PptpMiniport - ok

23:26:10.0313 2976 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

23:26:10.0329 2976 Processor - ok

23:26:10.0360 2976 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

23:26:10.0376 2976 PSched - ok

23:26:10.0500 2976 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

23:26:10.0516 2976 ql2300 - ok

23:26:10.0625 2976 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

23:26:10.0625 2976 ql40xx - ok

23:26:10.0656 2976 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

23:26:10.0672 2976 QWAVEdrv - ok

23:26:10.0703 2976 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

23:26:10.0719 2976 RasAcd - ok

23:26:10.0890 2976 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:26:10.0890 2976 Rasl2tp - ok

23:26:10.0937 2976 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

23:26:10.0937 2976 RasPppoe - ok

23:26:11.0015 2976 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

23:26:11.0015 2976 RasSstp - ok

23:26:11.0124 2976 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

23:26:11.0124 2976 rdbss - ok

23:26:11.0171 2976 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:26:11.0171 2976 RDPCDD - ok

23:26:11.0234 2976 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

23:26:11.0234 2976 rdpdr - ok

23:26:11.0343 2976 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

23:26:11.0343 2976 RDPENCDD - ok

23:26:11.0390 2976 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

23:26:11.0405 2976 RDPWD - ok

23:26:11.0452 2976 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys

23:26:11.0452 2976 RMCAST - ok

23:26:11.0561 2976 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

23:26:11.0561 2976 rspndr - ok

23:26:11.0608 2976 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys

23:26:11.0608 2976 RTL8169 - ok

23:26:11.0686 2976 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

23:26:11.0686 2976 SASDIFSV - ok

23:26:11.0717 2976 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

23:26:11.0717 2976 SASENUM - ok

23:26:11.0748 2976 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

23:26:11.0748 2976 SASKUTIL - ok

23:26:11.0858 2976 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

23:26:11.0858 2976 sbp2port - ok

23:26:11.0920 2976 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

23:26:11.0936 2976 sdbus - ok

23:26:11.0982 2976 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

23:26:11.0982 2976 secdrv - ok

23:26:12.0092 2976 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

23:26:12.0092 2976 Serenum - ok

23:26:12.0138 2976 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

23:26:12.0138 2976 Serial - ok

23:26:12.0185 2976 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

23:26:12.0185 2976 sermouse - ok

23:26:12.0232 2976 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

23:26:12.0232 2976 sffdisk - ok

23:26:12.0341 2976 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

23:26:12.0341 2976 sffp_mmc - ok

23:26:12.0388 2976 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

23:26:12.0388 2976 sffp_sd - ok

23:26:12.0419 2976 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

23:26:12.0419 2976 sfloppy - ok

23:26:12.0544 2976 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

23:26:12.0560 2976 sisagp - ok

23:26:12.0606 2976 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

23:26:12.0606 2976 SiSRaid2 - ok

23:26:12.0622 2976 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

23:26:12.0638 2976 SiSRaid4 - ok

23:26:12.0684 2976 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

23:26:12.0684 2976 Smb - ok

23:26:12.0809 2976 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

23:26:12.0825 2976 spldr - ok

23:26:12.0872 2976 SQTECH913D (7af1dea797df3498abc193a1496d34f7) C:\Windows\system32\Drivers\Capt8080.sys

23:26:12.0872 2976 SQTECH913D - ok

23:26:12.0918 2976 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

23:26:12.0918 2976 srv - ok

23:26:13.0028 2976 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

23:26:13.0043 2976 srv2 - ok

23:26:13.0074 2976 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

23:26:13.0090 2976 srvnet - ok

23:26:13.0137 2976 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

23:26:13.0137 2976 swenum - ok

23:26:13.0246 2976 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

23:26:13.0246 2976 Symc8xx - ok

23:26:13.0277 2976 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

23:26:13.0277 2976 Sym_hi - ok

23:26:13.0308 2976 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

23:26:13.0308 2976 Sym_u3 - ok

23:26:13.0355 2976 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys

23:26:13.0355 2976 SynTP - ok

23:26:13.0433 2976 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys

23:26:13.0464 2976 Tcpip - ok

23:26:13.0589 2976 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys

23:26:13.0605 2976 Tcpip6 - ok

23:26:13.0714 2976 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys

23:26:13.0714 2976 tcpipreg - ok

23:26:13.0745 2976 TcUsb (a54b8fc62db00c018eafafb47d00511e) C:\Windows\system32\Drivers\tcusb.sys

23:26:13.0761 2976 TcUsb - ok

23:26:13.0808 2976 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys

23:26:13.0808 2976 tdcmdpst - ok

23:26:13.0839 2976 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

23:26:13.0839 2976 TDPIPE - ok

23:26:13.0948 2976 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

23:26:13.0948 2976 TDTCP - ok

23:26:13.0995 2976 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

23:26:13.0995 2976 tdx - ok

23:26:14.0042 2976 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

23:26:14.0042 2976 TermDD - ok

23:26:14.0166 2976 tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys

23:26:14.0182 2976 tifm21 - ok

23:26:14.0291 2976 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys

23:26:14.0291 2976 tos_sps32 - ok

23:26:14.0400 2976 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:26:14.0400 2976 tssecsrv - ok

23:26:14.0478 2976 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

23:26:14.0478 2976 tunmp - ok

23:26:14.0510 2976 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

23:26:14.0510 2976 tunnel - ok

23:26:14.0619 2976 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

23:26:14.0619 2976 TVALZ - ok

23:26:14.0681 2976 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

23:26:14.0681 2976 uagp35 - ok

23:26:14.0728 2976 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

23:26:14.0728 2976 udfs - ok

23:26:14.0837 2976 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

23:26:14.0837 2976 uliagpkx - ok

23:26:14.0915 2976 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

23:26:14.0915 2976 uliahci - ok

23:26:15.0009 2976 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

23:26:15.0024 2976 UlSata - ok

23:26:15.0071 2976 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

23:26:15.0071 2976 ulsata2 - ok

23:26:15.0118 2976 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

23:26:15.0118 2976 umbus - ok

23:26:15.0212 2976 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

23:26:15.0212 2976 usbccgp - ok

23:26:15.0274 2976 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

23:26:15.0290 2976 usbcir - ok

23:26:15.0336 2976 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

23:26:15.0336 2976 usbehci - ok

23:26:15.0430 2976 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

23:26:15.0446 2976 usbhub - ok

23:26:15.0508 2976 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

23:26:15.0508 2976 usbohci - ok

23:26:15.0555 2976 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

23:26:15.0555 2976 usbprint - ok

23:26:15.0648 2976 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

23:26:15.0664 2976 usbscan - ok

23:26:15.0726 2976 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:26:15.0726 2976 USBSTOR - ok

23:26:15.0773 2976 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

23:26:15.0773 2976 usbuhci - ok

23:26:15.0851 2976 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

23:26:15.0851 2976 usbvideo - ok

23:26:15.0929 2976 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

23:26:15.0929 2976 vga - ok

23:26:15.0960 2976 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

23:26:15.0960 2976 VgaSave - ok

23:26:16.0070 2976 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

23:26:16.0070 2976 viaagp - ok

23:26:16.0132 2976 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

23:26:16.0132 2976 ViaC7 - ok

23:26:16.0163 2976 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

23:26:16.0163 2976 viaide - ok

23:26:16.0210 2976 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

23:26:16.0210 2976 volmgr - ok

23:26:16.0319 2976 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

23:26:16.0319 2976 volmgrx - ok

23:26:16.0444 2976 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

23:26:16.0444 2976 volsnap - ok

23:26:16.0506 2976 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

23:26:16.0506 2976 vsmraid - ok

23:26:16.0631 2976 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

23:26:16.0631 2976 WacomPen - ok

23:26:16.0694 2976 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

23:26:16.0694 2976 Wanarp - ok

23:26:16.0709 2976 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

23:26:16.0709 2976 Wanarpv6 - ok

23:26:16.0865 2976 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

23:26:16.0865 2976 Wd - ok

23:26:16.0912 2976 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

23:26:16.0928 2976 Wdf01000 - ok

23:26:17.0115 2976 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

23:26:17.0115 2976 WmiAcpi - ok

23:26:17.0177 2976 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

23:26:17.0177 2976 WpdUsb - ok

23:26:17.0240 2976 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

23:26:17.0240 2976 ws2ifsl - ok

23:26:17.0349 2976 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:26:17.0349 2976 WUDFRd - ok

23:26:17.0380 2976 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

23:26:17.0598 2976 \Device\Harddisk0\DR0 - ok

23:26:17.0598 2976 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1

23:26:17.0879 2976 \Device\Harddisk1\DR1 - ok

23:26:17.0879 2976 Boot (0x1200) (d839a252520b6c7c5e602299d0db3a6e) \Device\Harddisk0\DR0\Partition0

23:26:17.0879 2976 \Device\Harddisk0\DR0\Partition0 - ok

23:26:17.0895 2976 Boot (0x1200) (0514f3781bb456aab6c5863eaa8d5169) \Device\Harddisk1\DR1\Partition0

23:26:17.0895 2976 \Device\Harddisk1\DR1\Partition0 - ok

23:26:17.0895 2976 ============================================================

23:26:17.0895 2976 Scan finished

23:26:17.0895 2976 ============================================================

23:26:17.0910 2484 Detected object count: 0

23:26:17.0910 2484 Actual detected object count: 0

00:31:34.0370 5384 ============================================================

00:31:34.0370 5384 Scan started

00:31:34.0370 5384 Mode: Manual; SigCheck; TDLFS;

00:31:34.0370 5384 ============================================================

00:31:34.0838 5384 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

00:31:35.0104 5384 ACPI - ok

00:31:35.0228 5384 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

00:31:35.0275 5384 adp94xx - ok

00:31:35.0306 5384 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

00:31:35.0416 5384 adpahci - ok

00:31:35.0431 5384 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

00:31:35.0478 5384 adpu160m - ok

00:31:35.0587 5384 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

00:31:35.0634 5384 adpu320 - ok

00:31:35.0696 5384 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

00:31:35.0790 5384 AFD - ok

00:31:35.0884 5384 AFS (be913403ed7219894b30e362fd8d4313) C:\Windows\system32\drivers\AFS.sys

00:31:35.0946 5384 AFS ( UnsignedFile.Multi.Generic ) - warning

00:31:35.0946 5384 AFS - detected UnsignedFile.Multi.Generic (1)

00:31:36.0024 5384 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

00:31:36.0180 5384 AgereSoftModem - ok

00:31:36.0305 5384 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

00:31:36.0352 5384 agp440 - ok

00:31:36.0383 5384 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

00:31:36.0414 5384 aic78xx - ok

00:31:36.0445 5384 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

00:31:36.0476 5384 aliide - ok

00:31:36.0508 5384 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

00:31:36.0539 5384 amdagp - ok

00:31:36.0648 5384 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

00:31:36.0664 5384 amdide - ok

00:31:36.0695 5384 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

00:31:36.0944 5384 AmdK7 - ok

00:31:37.0054 5384 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

00:31:37.0132 5384 AmdK8 - ok

00:31:37.0178 5384 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys

00:31:37.0256 5384 ApfiltrService - ok

00:31:37.0381 5384 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

00:31:37.0412 5384 arc - ok

00:31:37.0444 5384 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

00:31:37.0475 5384 arcsas - ok

00:31:37.0522 5384 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

00:31:37.0615 5384 AsyncMac - ok

00:31:37.0724 5384 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

00:31:37.0756 5384 atapi - ok

00:31:37.0834 5384 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys

00:31:37.0927 5384 athr - ok

00:31:38.0130 5384 atikmdag (462a206dda06fb77af792a009375c899) C:\Windows\system32\DRIVERS\atikmdag.sys

00:31:38.0348 5384 atikmdag - ok

00:31:38.0458 5384 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

00:31:38.0520 5384 Beep - ok

00:31:38.0551 5384 blbdrive - ok

00:31:38.0614 5384 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

00:31:38.0692 5384 bowser - ok

00:31:38.0785 5384 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

00:31:38.0894 5384 BrFiltLo - ok

00:31:38.0941 5384 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

00:31:38.0988 5384 BrFiltUp - ok

00:31:39.0097 5384 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

00:31:39.0206 5384 Brserid - ok

00:31:39.0238 5384 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

00:31:39.0347 5384 BrSerWdm - ok

00:31:39.0378 5384 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

00:31:39.0456 5384 BrUsbMdm - ok

00:31:39.0565 5384 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

00:31:39.0628 5384 BrUsbSer - ok

00:31:39.0659 5384 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

00:31:39.0752 5384 BTHMODEM - ok

00:31:39.0815 5384 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

00:31:39.0893 5384 cdfs - ok

00:31:40.0018 5384 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

00:31:40.0080 5384 cdrom - ok

00:31:40.0142 5384 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

00:31:40.0220 5384 circlass - ok

00:31:40.0283 5384 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

00:31:40.0330 5384 CLFS - ok

00:31:40.0439 5384 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

00:31:40.0501 5384 CmBatt - ok

00:31:40.0548 5384 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

00:31:40.0579 5384 cmdide - ok

00:31:40.0626 5384 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

00:31:40.0657 5384 Compbatt - ok

00:31:40.0766 5384 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

00:31:40.0782 5384 crcdisk - ok

00:31:40.0813 5384 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

00:31:40.0907 5384 Crusoe - ok

00:31:40.0985 5384 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

00:31:41.0078 5384 DfsC - ok

00:31:41.0203 5384 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

00:31:41.0250 5384 disk - ok

00:31:41.0297 5384 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

00:31:41.0359 5384 drmkaud - ok

00:31:41.0437 5384 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

00:31:41.0484 5384 DXGKrnl - ok

00:31:41.0593 5384 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

00:31:41.0702 5384 E1G60 - ok

00:31:41.0765 5384 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

00:31:41.0812 5384 Ecache - ok

00:31:41.0874 5384 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\ElRawDsk.sys

00:31:41.0936 5384 ElRawDisk - ok

00:31:42.0030 5384 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

00:31:42.0077 5384 elxstor - ok

00:31:42.0124 5384 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

00:31:42.0202 5384 exfat - ok

00:31:42.0248 5384 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

00:31:42.0311 5384 fastfat - ok

00:31:42.0420 5384 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

00:31:42.0514 5384 fdc - ok

00:31:42.0560 5384 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

00:31:42.0607 5384 FileInfo - ok

00:31:42.0654 5384 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

00:31:42.0716 5384 Filetrace - ok

00:31:42.0888 5384 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

00:31:42.0982 5384 flpydisk - ok

00:31:43.0028 5384 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

00:31:43.0075 5384 FltMgr - ok

00:31:43.0106 5384 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

00:31:43.0169 5384 Fs_Rec - ok

00:31:43.0278 5384 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

00:31:43.0309 5384 gagp30kx - ok

00:31:43.0356 5384 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\Drivers\GEARAspiWDM.sys

00:31:43.0387 5384 GEARAspiWDM - ok

00:31:43.0434 5384 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

00:31:43.0543 5384 HdAudAddService - ok

00:31:43.0652 5384 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

00:31:43.0746 5384 HDAudBus - ok

00:31:43.0855 5384 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

00:31:43.0933 5384 HidBth - ok

00:31:43.0949 5384 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

00:31:44.0042 5384 HidIr - ok

00:31:44.0105 5384 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

00:31:44.0167 5384 HidUsb - ok

00:31:44.0276 5384 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

00:31:44.0308 5384 HpCISSs - ok

00:31:44.0354 5384 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

00:31:44.0479 5384 HTTP - ok

00:31:44.0573 5384 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

00:31:44.0604 5384 i2omp - ok

00:31:44.0651 5384 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

00:31:44.0729 5384 i8042prt - ok

00:31:44.0760 5384 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

00:31:44.0807 5384 iaStorV - ok

00:31:44.0916 5384 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

00:31:44.0947 5384 iirsp - ok

00:31:45.0041 5384 IntcAzAudAddService (b84732d9f8459abf6323d28a3270dc19) C:\Windows\system32\drivers\RTKVHDA.sys

00:31:45.0119 5384 IntcAzAudAddService - ok

00:31:45.0244 5384 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

00:31:45.0259 5384 intelide - ok

00:31:45.0290 5384 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

00:31:45.0400 5384 intelppm - ok

00:31:45.0446 5384 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:31:45.0524 5384 IpFilterDriver - ok

00:31:45.0634 5384 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

00:31:45.0774 5384 IPMIDRV - ok

00:31:45.0821 5384 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

00:31:45.0883 5384 IPNAT - ok

00:31:46.0008 5384 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

00:31:46.0055 5384 IRENUM - ok

00:31:46.0102 5384 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

00:31:46.0148 5384 isapnp - ok

00:31:46.0180 5384 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

00:31:46.0226 5384 iScsiPrt - ok

00:31:46.0336 5384 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

00:31:46.0367 5384 iteatapi - ok

00:31:46.0398 5384 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

00:31:46.0429 5384 iteraid - ok

00:31:46.0460 5384 JL2005C (03ca5f0eb17c33d79ef90c4cc21e80db) C:\Windows\system32\Drivers\jl2005c.sys

00:31:46.0507 5384 JL2005C ( UnsignedFile.Multi.Generic ) - warning

00:31:46.0507 5384 JL2005C - detected UnsignedFile.Multi.Generic (1)

00:31:46.0554 5384 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

00:31:46.0601 5384 kbdclass - ok

00:31:46.0710 5384 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

00:31:46.0772 5384 kbdhid - ok

00:31:46.0819 5384 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys

00:31:46.0913 5384 KR10I ( UnsignedFile.Multi.Generic ) - warning

00:31:46.0913 5384 KR10I - detected UnsignedFile.Multi.Generic (1)

00:31:47.0022 5384 KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys

00:31:47.0116 5384 KR10N ( UnsignedFile.Multi.Generic ) - warning

00:31:47.0116 5384 KR10N - detected UnsignedFile.Multi.Generic (1)

00:31:47.0162 5384 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys

00:31:47.0287 5384 KR3NPXP ( UnsignedFile.Multi.Generic ) - warning

00:31:47.0287 5384 KR3NPXP - detected UnsignedFile.Multi.Generic (1)

00:31:47.0412 5384 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

00:31:47.0459 5384 KSecDD - ok

00:31:47.0521 5384 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

00:31:47.0599 5384 lltdio - ok

00:31:47.0708 5384 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys

00:31:47.0771 5384 LPCFilter - ok

00:31:47.0818 5384 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

00:31:47.0864 5384 LSI_FC - ok

00:31:47.0896 5384 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

00:31:47.0927 5384 LSI_SAS - ok

00:31:48.0036 5384 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

00:31:48.0067 5384 LSI_SCSI - ok

00:31:48.0114 5384 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

00:31:48.0208 5384 luafv - ok

00:31:48.0301 5384 mbamchameleon (96c57f15a2b2015aa88d62a3e9daebc8) C:\Windows\system32\drivers\mbamchameleon.sys

00:31:48.0348 5384 mbamchameleon - ok

00:31:48.0426 5384 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

00:31:48.0457 5384 MBAMProtector - ok

00:31:48.0551 5384 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

00:31:48.0582 5384 megasas - ok

00:31:48.0644 5384 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

00:31:48.0722 5384 Modem - ok

00:31:48.0769 5384 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

00:31:48.0832 5384 monitor - ok

00:31:48.0941 5384 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

00:31:48.0972 5384 mouclass - ok

00:31:49.0019 5384 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

00:31:49.0097 5384 mouhid - ok

00:31:49.0206 5384 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

00:31:49.0237 5384 MountMgr - ok

00:31:49.0300 5384 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

00:31:49.0362 5384 MpFilter - ok

00:31:49.0456 5384 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

00:31:49.0518 5384 mpio - ok

00:31:49.0674 5384 MpKsl308ebcf2 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4055CE6-4F8E-4C06-94FD-7153F9799E0F}\MpKsl308ebcf2.sys

00:31:49.0705 5384 MpKsl308ebcf2 - ok

00:31:49.0814 5384 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

00:31:49.0846 5384 MpNWMon - ok

00:31:49.0892 5384 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

00:31:49.0939 5384 mpsdrv - ok

00:31:49.0986 5384 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

00:31:50.0017 5384 Mraid35x - ok

00:31:50.0126 5384 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

00:31:50.0204 5384 MRxDAV - ok

00:31:50.0236 5384 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:31:50.0314 5384 mrxsmb - ok

00:31:50.0438 5384 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:31:50.0485 5384 mrxsmb10 - ok

00:31:50.0532 5384 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:31:50.0594 5384 mrxsmb20 - ok

00:31:50.0626 5384 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

00:31:50.0657 5384 msahci - ok

00:31:50.0766 5384 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

00:31:50.0813 5384 msdsm - ok

00:31:50.0891 5384 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

00:31:50.0953 5384 Msfs - ok

00:31:51.0062 5384 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

00:31:51.0094 5384 msisadrv - ok

00:31:51.0140 5384 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

00:31:51.0218 5384 MSKSSRV - ok

00:31:51.0343 5384 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

00:31:51.0390 5384 MSPCLOCK - ok

00:31:51.0421 5384 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

00:31:51.0484 5384 MSPQM - ok

00:31:51.0530 5384 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

00:31:51.0593 5384 MsRPC - ok

00:31:51.0702 5384 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

00:31:51.0749 5384 mssmbios - ok

00:31:51.0780 5384 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

00:31:51.0842 5384 MSTEE - ok

00:31:51.0889 5384 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

00:31:51.0936 5384 Mup - ok

00:31:52.0045 5384 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

00:31:52.0108 5384 NativeWifiP - ok

00:31:52.0170 5384 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

00:31:52.0217 5384 NDIS - ok

00:31:52.0326 5384 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

00:31:52.0388 5384 NdisTapi - ok

00:31:52.0451 5384 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

00:31:52.0513 5384 Ndisuio - ok

00:31:52.0560 5384 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

00:31:52.0622 5384 NdisWan - ok

00:31:52.0732 5384 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

00:31:52.0794 5384 NDProxy - ok

00:31:52.0841 5384 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

00:31:52.0919 5384 NetBIOS - ok

00:31:52.0966 5384 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

00:31:53.0059 5384 netbt - ok

00:31:53.0184 5384 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

00:31:53.0215 5384 nfrd960 - ok

00:31:53.0262 5384 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

00:31:53.0309 5384 NisDrv - ok

00:31:53.0356 5384 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

00:31:53.0402 5384 Npfs - ok

00:31:53.0449 5384 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

00:31:53.0512 5384 nsiproxy - ok

00:31:53.0668 5384 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

00:31:53.0886 5384 Ntfs - ok

00:31:53.0980 5384 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

00:31:54.0073 5384 ntrigdigi - ok

00:31:54.0104 5384 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys

00:31:54.0136 5384 NuidFltr - ok

00:31:54.0167 5384 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

00:31:54.0229 5384 Null - ok

00:31:54.0338 5384 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

00:31:54.0401 5384 nvraid - ok

00:31:54.0432 5384 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

00:31:54.0463 5384 nvstor - ok

00:31:54.0494 5384 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

00:31:54.0541 5384 nv_agp - ok

00:31:54.0588 5384 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

00:31:54.0650 5384 ohci1394 - ok

00:31:54.0775 5384 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

00:31:54.0884 5384 Parport - ok

00:31:54.0931 5384 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

00:31:54.0978 5384 partmgr - ok

00:31:54.0994 5384 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

00:31:55.0072 5384 Parvdm - ok

00:31:55.0181 5384 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

00:31:55.0212 5384 pci - ok

00:31:55.0243 5384 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

00:31:55.0274 5384 pciide - ok

00:31:55.0306 5384 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys

00:31:55.0337 5384 pcmcia - ok

00:31:55.0477 5384 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

00:31:55.0602 5384 PEAUTH - ok

00:31:55.0758 5384 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys

00:31:55.0789 5384 Point32 - ok

00:31:55.0820 5384 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

00:31:55.0914 5384 PptpMiniport - ok

00:31:55.0961 5384 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

00:31:56.0070 5384 Processor - ok

00:31:56.0179 5384 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

00:31:56.0242 5384 PSched - ok

00:31:56.0304 5384 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

00:31:56.0366 5384 ql2300 - ok

00:31:56.0491 5384 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

00:31:56.0554 5384 ql40xx - ok

00:31:56.0600 5384 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

00:31:56.0678 5384 QWAVEdrv - ok

00:31:56.0788 5384 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

00:31:56.0850 5384 RasAcd - ok

00:31:56.0912 5384 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:31:56.0990 5384 Rasl2tp - ok

00:31:57.0100 5384 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

00:31:57.0162 5384 RasPppoe - ok

00:31:57.0209 5384 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

00:31:57.0287 5384 RasSstp - ok

00:31:57.0396 5384 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

00:31:57.0505 5384 rdbss - ok

00:31:57.0552 5384 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:31:57.0599 5384 RDPCDD - ok

00:31:57.0724 5384 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

00:31:57.0817 5384 rdpdr - ok

00:31:57.0880 5384 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

00:31:57.0942 5384 RDPENCDD - ok

00:31:58.0067 5384 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

00:31:58.0160 5384 RDPWD - ok

00:31:58.0223 5384 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys

00:31:58.0285 5384 RMCAST - ok

00:31:58.0332 5384 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

00:31:58.0394 5384 rspndr - ok

00:31:58.0504 5384 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys

00:31:58.0613 5384 RTL8169 - ok

00:31:58.0691 5384 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

00:31:58.0753 5384 SASDIFSV - ok

00:31:58.0784 5384 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

00:31:58.0800 5384 SASENUM - ok

00:31:58.0831 5384 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

00:31:58.0878 5384 SASKUTIL - ok

00:31:58.0987 5384 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

00:31:59.0050 5384 sbp2port - ok

00:31:59.0112 5384 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

00:31:59.0143 5384 sdbus - ok

00:31:59.0174 5384 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

00:31:59.0268 5384 secdrv - ok

00:31:59.0377 5384 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

00:31:59.0455 5384 Serenum - ok

00:31:59.0486 5384 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

00:31:59.0564 5384 Serial - ok

00:31:59.0611 5384 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

00:31:59.0674 5384 sermouse - ok

00:31:59.0798 5384 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

00:31:59.0861 5384 sffdisk - ok

00:31:59.0939 5384 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

00:32:00.0017 5384 sffp_mmc - ok

00:32:00.0064 5384 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

00:32:00.0126 5384 sffp_sd - ok

00:32:00.0235 5384 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

00:32:00.0298 5384 sfloppy - ok

00:32:00.0344 5384 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

00:32:00.0376 5384 sisagp - ok

00:32:00.0407 5384 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

00:32:00.0438 5384 SiSRaid2 - ok

00:32:00.0469 5384 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

00:32:00.0516 5384 SiSRaid4 - ok

00:32:00.0641 5384 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

00:32:00.0719 5384 Smb - ok

00:32:00.0781 5384 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

00:32:00.0797 5384 spldr - ok

00:32:00.0859 5384 SQTECH913D (7af1dea797df3498abc193a1496d34f7) C:\Windows\system32\Drivers\Capt8080.sys

00:32:00.0890 5384 SQTECH913D ( UnsignedFile.Multi.Generic ) - warning

00:32:00.0890 5384 SQTECH913D - detected UnsignedFile.Multi.Generic (1)

00:32:01.0015 5384 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

00:32:01.0093 5384 srv - ok

00:32:01.0202 5384 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

00:32:01.0296 5384 srv2 - ok

00:32:01.0343 5384 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

00:32:01.0405 5384 srvnet - ok

00:32:01.0530 5384 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

00:32:01.0561 5384 swenum - ok

00:32:01.0624 5384 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

00:32:01.0655 5384 Symc8xx - ok

00:32:01.0686 5384 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

00:32:01.0717 5384 Sym_hi - ok

00:32:01.0826 5384 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

00:32:01.0858 5384 Sym_u3 - ok

00:32:01.0904 5384 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys

00:32:01.0936 5384 SynTP - ok

00:32:02.0014 5384 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys

00:32:02.0092 5384 Tcpip - ok

00:32:02.0263 5384 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys

00:32:02.0357 5384 Tcpip6 - ok

00:32:02.0497 5384 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys

00:32:02.0591 5384 tcpipreg - ok

00:32:02.0638 5384 TcUsb (a54b8fc62db00c018eafafb47d00511e) C:\Windows\system32\Drivers\tcusb.sys

00:32:02.0669 5384 TcUsb - ok

00:32:02.0778 5384 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys

00:32:02.0825 5384 tdcmdpst - ok

00:32:02.0872 5384 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

00:32:02.0934 5384 TDPIPE - ok

00:32:03.0059 5384 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

00:32:03.0137 5384 TDTCP - ok

00:32:03.0168 5384 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

00:32:03.0262 5384 tdx - ok

00:32:03.0371 5384 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

00:32:03.0418 5384 TermDD - ok

00:32:03.0464 5384 tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys

00:32:03.0542 5384 tifm21 - ok

00:32:03.0683 5384 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys

00:32:03.0745 5384 tos_sps32 - ok

00:32:03.0839 5384 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:32:03.0917 5384 tssecsrv - ok

00:32:04.0010 5384 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

00:32:04.0073 5384 tunmp - ok

00:32:04.0151 5384 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

00:32:04.0198 5384 tunnel - ok

00:32:04.0307 5384 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

00:32:04.0338 5384 TVALZ - ok

00:32:04.0400 5384 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

00:32:04.0447 5384 uagp35 - ok

00:32:04.0478 5384 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

00:32:04.0525 5384 udfs - ok

00:32:04.0650 5384 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

00:32:04.0681 5384 uliagpkx - ok

00:32:04.0759 5384 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

00:32:04.0837 5384 uliahci - ok

00:32:04.0931 5384 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

00:32:04.0962 5384 UlSata - ok

00:32:05.0009 5384 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

00:32:05.0056 5384 ulsata2 - ok

00:32:05.0102 5384 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

00:32:05.0165 5384 umbus - ok

00:32:05.0274 5384 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

00:32:05.0352 5384 usbccgp - ok

00:32:05.0414 5384 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

00:32:05.0539 5384 usbcir - ok

00:32:05.0633 5384 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

00:32:05.0695 5384 usbehci - ok

00:32:05.0758 5384 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

00:32:05.0804 5384 usbhub - ok

00:32:05.0898 5384 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

00:32:05.0945 5384 usbohci - ok

00:32:06.0007 5384 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

00:32:06.0085 5384 usbprint - ok

00:32:06.0179 5384 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

00:32:06.0257 5384 usbscan - ok

00:32:06.0319 5384 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:32:06.0397 5384 USBSTOR - ok

00:32:06.0491 5384 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

00:32:06.0569 5384 usbuhci - ok

00:32:06.0631 5384 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

00:32:06.0725 5384 usbvideo - ok

00:32:06.0834 5384 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

00:32:06.0928 5384 vga - ok

00:32:06.0990 5384 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

00:32:07.0068 5384 VgaSave - ok

00:32:07.0162 5384 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

00:32:07.0193 5384 viaagp - ok

00:32:07.0240 5384 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

00:32:07.0333 5384 ViaC7 - ok

00:32:07.0380 5384 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

00:32:07.0411 5384 viaide - ok

00:32:07.0489 5384 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

00:32:07.0536 5384 volmgr - ok

00:32:07.0614 5384 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

00:32:07.0645 5384 volmgrx - ok

00:32:07.0770 5384 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

00:32:07.0801 5384 volsnap - ok

00:32:07.0879 5384 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

00:32:07.0926 5384 vsmraid - ok

00:32:08.0066 5384 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

00:32:08.0144 5384 WacomPen - ok

00:32:08.0207 5384 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

00:32:08.0285 5384 Wanarp - ok

00:32:08.0285 5384 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

00:32:08.0347 5384 Wanarpv6 - ok

00:32:08.0472 5384 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

00:32:08.0503 5384 Wd - ok

00:32:08.0566 5384 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

00:32:08.0612 5384 Wdf01000 - ok

00:32:08.0784 5384 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

00:32:08.0862 5384 WmiAcpi - ok

00:32:08.0940 5384 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

00:32:08.0987 5384 WpdUsb - ok

00:32:09.0096 5384 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

00:32:09.0158 5384 ws2ifsl - ok

00:32:09.0236 5384 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:32:09.0330 5384 WUDFRd - ok

00:32:09.0377 5384 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

00:32:09.0673 5384 \Device\Harddisk0\DR0 - ok

00:32:09.0689 5384 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1

00:32:10.0094 5384 \Device\Harddisk1\DR1 - ok

00:32:10.0094 5384 Boot (0x1200) (d839a252520b6c7c5e602299d0db3a6e) \Device\Harddisk0\DR0\Partition0

00:32:10.0094 5384 \Device\Harddisk0\DR0\Partition0 - ok

00:32:10.0110 5384 Boot (0x1200) (0514f3781bb456aab6c5863eaa8d5169) \Device\Harddisk1\DR1\Partition0

00:32:10.0110 5384 \Device\Harddisk1\DR1\Partition0 - ok

00:32:10.0110 5384 ============================================================

00:32:10.0110 5384 Scan finished

00:32:10.0110 5384 ============================================================

00:32:10.0126 5376 Detected object count: 6

00:32:10.0126 5376 Actual detected object count: 6

00:42:34.0861 5376 AFS ( UnsignedFile.Multi.Generic ) - skipped by user

00:42:34.0861 5376 AFS ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:42:34.0861 5376 JL2005C ( UnsignedFile.Multi.Generic ) - skipped by user

00:42:34.0877 5376 JL2005C ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:42:34.0877 5376 KR10I ( UnsignedFile.Multi.Generic ) - skipped by user

00:42:34.0877 5376 KR10I ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:42:34.0877 5376 KR10N ( UnsignedFile.Multi.Generic ) - skipped by user

00:42:34.0877 5376 KR10N ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:42:34.0877 5376 KR3NPXP ( UnsignedFile.Multi.Generic ) - skipped by user

00:42:34.0877 5376 KR3NPXP ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:42:34.0877 5376 SQTECH913D ( UnsignedFile.Multi.Generic ) - skipped by user

00:42:34.0877 5376 SQTECH913D ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:51:41.0309 3828 Deinitialize success

[Elise]

All these files are legit and do not need to be removed. How are things running at this point?

[toots]

Sorry for the long delay in responding. Things are not much better at this point. I recently ran a Malwarebytes scan and this is what was found:

Vender Category Item Other

Broken.OpenCommand Registry Data HKCR\scrfile\shell\open\command Bad: (NOTEPAD.EXE %1) Good {"%1"/S}

Broken.OpenCommand Registry Data HKCR\regfile\shell\open\command Bad: (NOTEPAD.EXE %1) Good {regedit.exe"%1"}

I'm going to select to remove and reboot and run another scan and I'll post the results then.

[toots]

Here is the log file:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.17.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Magic :: MAGIC-PC [administrator]

Protection: Disabled

2/17/2012 12:32:34 PM

mbam-log-2012-02-17 (12-32-34).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 537897

Time elapsed: 2 hour(s), 45 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.

HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[Elise]

Okay, lets try the following.

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
    
  • Windows Firewall
    
  • System Restore
    
  • Security Center
    
  • Windows Update
    

  [*]Press "Scan".

  [*]It will create a log (FSS.txt) in the same directory the tool is run.

  [*]Please copy and paste the log to your reply.

[toots]

FSS.txt log results:

Farbar Service Scanner Version: 14-02-2012

Ran by Magic (administrator) on 18-02-2012 at 10:36:18

Running from "C:\Users\Magic\Downloads"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2011-11-09 12:05] - [2011-09-20 13:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

[Elise]

Do the items found by MBAM return on each scan?

Besides this, can you describe which problems you still have?