Scour, netbs.sys, JS/redir and probably other problems

Hello,

First, thanks in advance for your help. You guys do great work and I appreciate it.

Here are the original symptoms:

  1. When I clicked on Google search results, I would be redirected. I noticed ‘scour’ was part of most of the URLs. This happened on IE and Firefox mostly, but also on Chrome.
  2. Only on IE, new tabs would open on their own with some bogus news site
  3. AVG would bring up notices about netbt.sys
  4. AVG would bring up notices about JS/redir
  5. AVG would bring up notices about Trojan-spy.win32.zbot.gen
  6. I cannot turn on my Windows Firewall or Windows Security Center
  7. My computer CPU is running at near 100% a lot of the time, even with little to no programs open.
  8. I received an error message when I tried to install Malwarebytes. The error message mentioned something about not having administrator access. I tried some of the suggestions you offer in a post including trying to use Chameleon. None of them worked.
  9. Any other malware or virus program I have tried downloading receives the same error message about not having administrator access to install it, even though I am on the administrator account.

What I have done so far:

  1. Ran Malwarebytes. I finally got Malwarebytes to work. What worked was using my zip program to create a self-extracting file for the installation file. It seems that it replaced the one I originally downloaded that would not open. I don’t know how or why, but that worked. Malwarebytes installed. I ran Chameleon to be safe, then ran Malwarebytes Quick Scan. The scan found 25 things. The results are below. I needed to use this workaround for installing Farbar and DDS too.
  2. Restarted computer then ran the full scan. It did not find anything. I have that log as well if you need it.
  3. I still get redirected from Google search results.
  4. Ran Farbar Service Scanner. The results are below.
  5. Ran DDS. The results are below.

I won’t do anything else until I hear from you. Thanks.

Best regards,

Frank

MALWAREBYTES OUTPUT

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.05.01

Windows Vista x86 NTFS

Internet Explorer 7.0.6000.16945

Christie :: FAMILY-DESKTOP [administrator]

2/5/2012 12:19:12 AM

mbam-log-2012-02-05 (00-19-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 192676

Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 23

HKLM\SYSTEM\CurrentControlSet\Services\5728 (Heuristics.Shuriken) -> Quarantined and deleted successfully.

HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:56949 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Temp\5728.sys (Heuristics.Shuriken) -> Quarantined and deleted successfully.

(end)

FSS OUTPUT

Farbar Service Scanner Version: 04-02-2012 01

Ran by Christie (administrator) on 05-02-2012 at 09:47:16

Running from "C:\Users\Christie\Downloads"

Microsoft® Windows Vista™ Home Basic (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

DDS.TXT OUTPUT

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6000.16945

Run by Christie at 11:37:34 on 2012-02-05

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.3061.1658 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\QuickTime\QTTask.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Users\Christie\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE

C:\Users\Christie\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Windows\System32\wpcumi.exe

C:\Windows\WindowsMobile\wmdcBase.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Christie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Users\Christie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Christie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Christie\AppData\Local\Akamai\netsession_win.exe

C:\Users\Christie\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/?rlz=1V1IPYX

uWindow Title = Internet Explorer provided by Dell

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.dell.com

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

TB: {CF418B05-72F5-4CCA-96D5-D39EA22BE927} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [Google Update] "c:\users\christie\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [WorkForce 840(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_S260D.tmp" /EF "HKCU"

uRun: [Akamai NetSession Interface] "c:\users\christie\appdata\local\akamai\netsession_win.exe"

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

LSP: c:\windows\system32\wpclsp.dll

LSP: mswsock.dll

DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://atlnotes3.notes.assurant.com/dwa85W.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{1D6FBFFD-085D-4758-AA13-A672AE03D434} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3A800715-CF86-4EB2-A36A-C953EA56A820} : DhcpNameServer = 143.166.95.37 143.166.99.14

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-1-21 64512]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-11-2 22016]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-2-5 26224]

.

=============== Created Last 30 ================

.

2012-02-05 14:17:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-02-05 05:15:27 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-02-05 05:11:05 -------- d-----w- c:\users\christie\appdata\roaming\Malwarebytes

2012-02-05 05:10:19 -------- d-----w- c:\programdata\Malwarebytes

2012-02-05 05:10:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-05 05:10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-04 15:07:31 29696 ----a-w- c:\windows\system32\owJ2Eep.com

2012-02-01 14:16:38 -------- d-----w- c:\program files\iPod

2012-02-01 14:16:36 -------- d-----w- c:\program files\iTunes

2012-01-26 16:15:31 -------- d-----w- c:\users\christie\appdata\roaming\webex

2012-01-26 16:14:36 -------- d-----w- c:\programdata\WebEx

2012-01-26 04:11:09 -------- d-----w- c:\users\christie\appdata\local\Amazon

2012-01-26 03:52:19 -------- d-----w- C:\Softland

2012-01-26 03:41:00 -------- d-----w- c:\users\christie\Images

2012-01-25 19:20:27 -------- d-----w- c:\users\christie\appdata\roaming\Softland

2012-01-25 19:20:22 23376 ----a-w- c:\windows\system32\dopdfmn7.dll

2012-01-25 19:20:22 20816 ----a-w- c:\windows\system32\dopdfmi7.dll

2012-01-25 19:20:20 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2012-01-25 19:20:19 -------- d-----w- c:\program files\Softland

2012-01-22 16:20:52 -------- d-----w- c:\program files\Glarysoft

2012-01-21 20:29:23 16432 ----a-w- c:\windows\system32\lsdelete.exe

2012-01-21 19:50:26 -------- d--h--w- c:\programdata\Common Files

2012-01-21 19:45:05 -------- d-----w- c:\program files\AVG

2012-01-21 19:37:39 -------- d-----w- c:\programdata\MFAData

2012-01-21 18:02:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-21 17:33:52 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-01-21 17:17:07 -------- d-----w- c:\users\christie\appdata\local\adaware

2012-01-21 17:17:06 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-01-21 17:16:58 -------- d-----w- c:\program files\Toolbar Cleaner

2012-01-21 17:16:28 -------- d-----w- c:\program files\adawaretb

2012-01-21 17:16:20 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2012-01-21 04:52:41 396800 ----a-w- c:\windows\system32\msfrt40.dll

2012-01-21 04:52:40 558656 ----a-w- c:\windows\system32\sb6ent.ocx

2012-01-21 04:52:37 92160 ----a-w- c:\windows\system32\grid32.ocx

2012-01-21 04:52:37 722192 ----a-w- c:\windows\system32\vb40032.dll

2012-01-21 04:52:37 200704 ----a-w- c:\windows\system32\threed32.ocx

2012-01-21 04:52:37 1335584 ----a-w- c:\windows\system32\sbe6_32.dll

2012-01-21 04:27:57 -------- d-----w- c:\program files\SPSS

2012-01-21 03:19:38 -------- d-----w- c:\program files\Nancy Drew

2012-01-20 17:00:53 -------- d-----w- c:\program files\LP

2012-01-20 17:00:06 155648 ----a-w- c:\windows\system32\igfxres.dll

2012-01-20 04:47:09 -------- d-----w- c:\users\christie\appdata\roaming\50912

2012-01-20 04:46:35 -------- d-----w- c:\users\christie\appdata\roaming\94850

2012-01-17 07:04:51 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7f5c5365-dfbe-477f-9bdf-faea7aa6f788}\mpengine.dll

.

==================== Find3M ====================

.

2012-01-26 16:11:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 11:38:29.17 ===============

ATTACH.TXT OUTPUT

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume3

Install Date: 7/24/2007 8:19:55 AM

System Uptime: 2/5/2012 10:10:55 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0WG864

Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2792/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 139 GiB total, 21.592 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 7.025 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

3DVIA player 5.0

Ad-Aware

Ad-Aware Security Toolbar

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.2)

AIM 7

AIM Toolbar

Akamai NetSession Interface

Akamai NetSession Interface Service

ALZip

Amazon Kindle

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Clifford Musical Memory Games

Clifford Reading

Clifford Thinking Adventures

Compatibility Pack for the 2007 Office system

Conexant D850 PCI V.92 Modem

Digital Line Detect

Disney Toontown Online

DivX Content Uploader

DivX Web Player

doPDF 7.2 printer

Download Manager 2.3.10

Download Updater (AOL LLC)

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 840 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup 3.3

Facebook Plug-In

FirstClass® Client

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GTK+ Runtime 2.10.13 rev a (remove only)

Hello Kitty Online Installer

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

InterActual Player

iSkysoft DVD to iPhone Converter(Build 2.3.3.0)

iTunes

Java Auto Updater

Java 6 Update 30

JumpStart Advanced Preschool

K-Lite Codec Pack 4.0.0 (Full)

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 3.5 SP1

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MicroWorlds EX Demo

MicroWorlds EX Web Player

MicroWorlds Web Player

Modem Diagnostic Tool

Move Networks Media Player for Internet Explorer

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nancy Drew: The Curse of Blackmoor Manor

NetWaiting

Octoshape add-in for Adobe Flash Player

OGA Notifier 2.0.0048.0

PBS KIDS PLAY!

Picasa 3

PowerDVD

QuickTime

Registry Repair 4.1.0.388

Rome - Total War - Gold Edition

Security Update for CAPICOM (KB931906)

Shutterfly Express Uploader

SigmaTel Audio

Skype™ 5.6

Spelling Dictionaries Support For Adobe Reader 8

SPSS 11.0 for Windows

swMSM

System Requirements Lab for Intel

Teacher's Resource Planner Reading Grade 1

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

User's Guides

WebEx

WebIQ Technology Engine

YouTube Downloader 2.7

.

==== Event Viewer Messages From Past Week ========

.

2/5/2012 12:15:27 AM, Error: Service Control Manager [7000] - The mbamchameleon service failed to start due to the following error: The specified procedure could not be found.

2/5/2012 10:11:57 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

2/4/2012 8:37:56 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.

2/4/2012 10:38:09 PM, Error: EventLog [6008] - The previous system shutdown at 10:36:04 PM on 2/4/2012 was unexpected.

2/3/2012 3:24:56 PM, Error: Print [6161] - The document Microsoft Word - Resume Frank G Barbeite.doc, owned by Christie, failed to print on printer doPDF v7. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\FAMILY-DESKTOP. Win32 error code returned by the print processor: 6. The handle is invalid.

2/1/2012 9:19:42 AM, Error: Print [6161] - The document Microsoft Word - aa Innovation Assessment Development Plan.doc, owned by Christie, failed to print on printer doPDF v7. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 4. Number of pages printed: 0. Client computer: \\FAMILY-DESKTOP. Win32 error code returned by the print processor: 6. The handle is invalid.

1/31/2012 5:56:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.

1/30/2012 10:42:42 AM, Error: Print [19] - The print spooler failed to share printer hp officejet 5500 series with shared resource name hp officejet 5500 series. Error 1753. The printer cannot be used by others on the network.

1/30/2012 10:41:39 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

1/30/2012 10:41:39 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

1/30/2012 10:41:39 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

1/30/2012 10:41:39 AM, Error: Service Control Manager [7000] - The 5728 service failed to start due to the following error: Access is denied.

1/29/2012 4:36:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.

.

==== End Of File ===========================

Link to post
Share on other sites
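
The Farbar Service Scanner output in the post above separates two situations: a service that is still registered but stopped (mpsdrv) and services whose registry key no longer exists (MpsSvc, bfe, wscsvc), while the File Check section reports the matching binaries as legit. The following is an added example, not part of the original post or of any tool mentioned in the thread, that makes this triage explicit. The function names and finding labels are hypothetical, and the sample log is a constructed, shortened copy of the lines posted above.

```python
import re

# Constructed sample: a shortened copy of the Farbar Service Scanner sections
# posted above (Windows Firewall, Security Center, File Check).
SAMPLE_FSS_LOG = r"""Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
File Check:
========
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
FILE_CHECK = re.compile(r"^(.+?) => MD5 is (\w+)")


def parse_fss(log):
    """Return (services, binaries) parsed from FSS-style log text.

    services: lower-cased service name -> {"key_missing": bool}
    binaries: lower-cased file stem -> True when the line says "MD5 is legit"
    """
    services, binaries = {}, {}
    current = None  # service whose configuration lines are being read
    for raw in log.splitlines():
        line = raw.strip()
        m = NOT_RUNNING.match(line)
        if m:
            current = m.group(1).lower()
            services[current] = {"key_missing": False}
            continue
        if line.endswith(":"):
            current = None  # section header such as "Security Center:"
            continue
        if current and "registry key" in line and "does not exist" in line:
            services[current]["key_missing"] = True
            continue
        m = FILE_CHECK.match(line)
        if m:
            name = m.group(1).replace("\\", "/").rsplit("/", 1)[-1]
            stem = name.rsplit(".", 1)[0].lower()
            binaries[stem] = m.group(2) == "legit"
    return services, binaries


def triage(log):
    """Classify every stopped service by what is actually missing."""
    services, binaries = parse_fss(log)
    findings = {}
    for name, state in services.items():
        if not state["key_missing"]:
            # Key and configuration are present; the service is only stopped.
            findings[name] = "registered-but-stopped"
        elif binaries.get(name):
            # Service key is gone but the on-disk binary passed the hash check.
            findings[name] = "registration-deleted-binary-intact"
        else:
            # Service key is gone and the log gives no clean hash for the file.
            findings[name] = "registration-deleted-binary-unverified"
    return findings


if __name__ == "__main__":
    for service, finding in triage(SAMPLE_FSS_LOG).items():
        print(f"{service:8} {finding}")
```
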

There is quite some work to do here, let's focus first on the infections remaining.

Please read the following information before continuing with the cleanup.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe

Double click on the downloaded file. It should only take a few seconds to run.

When complete, it will say .. "Done! Please check if BFE service is running now"

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi Blonde,

Thanks for taking on my case. As I feared, it is a bad one.

I think I am going to reformat. But I need to be sure I have all the software I would need to reinstall, room on my backup hard drive for all my data, and learn how to use the recovery partition of the hard drive to do a reinstall. One question I have for you is if it is likely that the recovery partition on the hard drive is infected also?

In the meantime, I will take the next steps in trying to clean the computer, and your recommended steps regarding security.

I downloaded Restore BFE and installed it.

I then ran ComboFix and it gave the following error message:

Error opening file for writing:

C:\32788R22FWJFW\NirCmd.3xe

It gave me the option to Retry, Continue or Abort. I aborted for now to report in to you what happened and get your recommendation on how to proceed.

Thanks.

Best regards,

Frank


Now another error window comes up.

Error - Win32 only

Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP.

I have Vista Home Basic, 32bit. Also, I tried to run ComboFix from the desktop with all other applications closed.

I made sure that the version I was downloading was compatible with Vista.

What should I try next?


Please try this instead:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
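The log TDSSKiller saves can be triaged with a short script rather than by eye. The following is an added example, not part of the original post or of the tool: a Python parser for the per-driver lines, run over sample lines in the layout of the log posted in this thread; the names `Service`, `parse_log` and `suspicious` are made up for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines in the layout of the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
12:30:28.0060 19996 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
12:30:28.0060 19996 NetBIOS - ok
12:30:28.0091 19996 netbt (f3bc5c80189068270c923c91eed13c3e) C:\Windows\system32\DRIVERS\netbt.sys
12:30:28.0091 19996 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: f3bc5c80189068270c923c91eed13c3e, Fake md5: e3a168912e7eefc3bd3b814720d68b41
12:30:28.0091 19996 netbt ( Virus.Win32.ZAccess.k ) - infected
12:30:28.0091 19996 netbt - detected Virus.Win32.ZAccess.k (0)
12:30:28.0481 19996 NwlnkFlt - ok
"""

# "HH:MM:SS.mmmm <thread id> <payload>"
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
# "<service> (<md5>) <path>"
ENTRY = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (Forged): <path>. Real md5: <md5>, Fake md5: <md5>"
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. "
    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
# "<service> ( <verdict> ) - infected"
INFECTED = re.compile(r"^(\S+) \( (.+?) \) - infected$")
# "<service> - ok"
OK = re.compile(r"^(\S+) - ok$")


@dataclass
class Service:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"      # "ok", "infected", or "unknown" if never closed
    verdict: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None


def parse_log(text: str) -> Dict[str, Service]:
    """Build one record per service from the scan section of the log."""
    services: Dict[str, Service] = {}
    by_path: Dict[str, Service] = {}   # lower-cased path -> record
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue                    # blank line or non-log text
        payload = m.group(1).strip()

        if (e := ENTRY.match(payload)):
            svc = services.setdefault(e.group(1), Service(e.group(1)))
            svc.md5, svc.path = e.group(2), e.group(3)
            by_path[svc.path.lower()] = svc
        elif (f := FORGED.match(payload)):
            # The forged line names a file, not a service: join on the path.
            svc = by_path.get(f.group(1).lower())
            if svc is not None:
                svc.real_md5, svc.fake_md5 = f.group(2), f.group(3)
        elif (i := INFECTED.match(payload)):
            svc = services.setdefault(i.group(1), Service(i.group(1)))
            svc.status, svc.verdict = "infected", i.group(2)
        elif (o := OK.match(payload)):
            # Some services are listed with no hash or path at all.
            svc = services.setdefault(o.group(1), Service(o.group(1)))
            svc.status = "ok"
    return services


def suspicious(services: Dict[str, Service]) -> List[Service]:
    """Everything not closed as 'ok', plus anything with a forged-file line."""
    return [s for s in services.values()
            if s.status != "ok" or s.fake_md5 is not None]


if __name__ == "__main__":
    for s in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{s.name}: {s.status} {s.verdict or ''} {s.path or ''}")
        if s.fake_md5:
            print(f"  real md5 {s.real_md5}  fake md5 {s.fake_md5}")
```

A service whose entry is never closed by an `- ok` or `- infected` line, for example in a log pasted only in part, is reported with status `unknown` rather than silently passed.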


Hi Elise,

TDSS ran without a problem. It did find one threat, cured it, and rebooted the computer. Below is the text from the log. Let me know what the next step is. Thanks for your continued help.

TDSS Log

12:30:04.0862 19944 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46

12:30:05.0284 19944 ============================================================

12:30:05.0284 19944 Current date / time: 2012/02/07 12:30:05.0284

12:30:05.0284 19944 SystemInfo:

12:30:05.0284 19944

12:30:05.0284 19944 OS Version: 6.0.6000 ServicePack: 0.0

12:30:05.0284 19944 Product type: Workstation

12:30:05.0284 19944 ComputerName: FAMILY-DESKTOP

12:30:05.0284 19944 UserName: Christie

12:30:05.0284 19944 Windows directory: C:\Windows

12:30:05.0284 19944 System windows directory: C:\Windows

12:30:05.0284 19944 Processor architecture: Intel x86

12:30:05.0284 19944 Number of processors: 2

12:30:05.0284 19944 Page size: 0x1000

12:30:05.0284 19944 Boot type: Normal boot

12:30:05.0284 19944 ============================================================

12:30:05.0736 19944 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

12:30:05.0736 19944 \Device\Harddisk0\DR0:

12:30:05.0736 19944 MBR used

12:30:05.0736 19944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1400000

12:30:05.0736 19944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1414000, BlocksNum 0x115F1000

12:30:05.0798 19944 Initialize success

12:30:05.0798 19944 ============================================================

12:30:20.0884 19996 ============================================================

12:30:20.0884 19996 Scan started

12:30:20.0884 19996 Mode: Manual;

12:30:20.0884 19996 ============================================================


12:30:28.0091 19996 netbt (f3bc5c80189068270c923c91eed13c3e) C:\Windows\system32\DRIVERS\netbt.sys

12:30:28.0091 19996 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: f3bc5c80189068270c923c91eed13c3e, Fake md5: e3a168912e7eefc3bd3b814720d68b41

12:30:28.0091 19996 netbt ( Virus.Win32.ZAccess.k ) - infected

12:30:28.0091 19996 netbt - detected Virus.Win32.ZAccess.k (0)


12:30:31.0757 19996 usbehci - ok

12:30:31.0804 19996 usbhub (6a7858a38b5105731e219e7c6a238730) C:\Windows\system32\DRIVERS\usbhub.sys

12:30:31.0804 19996 usbhub - ok

12:30:31.0819 19996 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

12:30:31.0835 19996 usbohci - ok

12:30:31.0850 19996 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

12:30:31.0850 19996 usbprint - ok

12:30:31.0913 19996 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys

12:30:31.0913 19996 usbscan - ok

12:30:31.0944 19996 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:30:31.0944 19996 USBSTOR - ok

12:30:31.0975 19996 usbuhci (4013315fed70a2d293b998cbba4022ee) C:\Windows\system32\DRIVERS\usbuhci.sys

12:30:31.0975 19996 usbuhci - ok

12:30:32.0038 19996 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

12:30:32.0038 19996 vga - ok

12:30:32.0162 19996 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

12:30:32.0162 19996 VgaSave - ok

12:30:32.0303 19996 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

12:30:32.0303 19996 viaagp - ok

12:30:32.0381 19996 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

12:30:32.0381 19996 ViaC7 - ok

12:30:32.0412 19996 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys

12:30:32.0412 19996 viaide - ok

12:30:32.0428 19996 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys

12:30:32.0443 19996 volmgr - ok

12:30:32.0443 19996 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

12:30:32.0459 19996 volmgrx - ok

12:30:32.0490 19996 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys

12:30:32.0506 19996 volsnap - ok

12:30:32.0537 19996 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

12:30:32.0537 19996 vsmraid - ok

12:30:32.0584 19996 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

12:30:32.0584 19996 WacomPen - ok

12:30:32.0615 19996 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

12:30:32.0615 19996 Wanarp - ok

12:30:32.0630 19996 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

12:30:32.0630 19996 Wanarpv6 - ok

12:30:32.0677 19996 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

12:30:32.0677 19996 Wd - ok

12:30:32.0708 19996 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys

12:30:32.0724 19996 Wdf01000 - ok

12:30:32.0786 19996 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

12:30:32.0802 19996 winachsf - ok

12:30:32.0896 19996 WINUSB (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\WinUSB.SYS

12:30:32.0896 19996 WINUSB - ok

12:30:32.0942 19996 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

12:30:32.0942 19996 WmiAcpi - ok

12:30:33.0020 19996 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys

12:30:33.0020 19996 WpdUsb - ok

12:30:33.0067 19996 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

12:30:33.0067 19996 ws2ifsl - ok

12:30:33.0176 19996 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys

12:30:33.0176 19996 WUDFRd - ok

12:30:33.0223 19996 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

12:30:33.0223 19996 XAudio - ok

12:30:33.0286 19996 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

12:30:33.0332 19996 \Device\Harddisk0\DR0 - ok

12:30:33.0379 19996 Boot (0x1200) (4f3c888c82cbc6e330a3518b29c30be7) \Device\Harddisk0\DR0\Partition0

12:30:33.0379 19996 \Device\Harddisk0\DR0\Partition0 - ok

12:30:33.0379 19996 Boot (0x1200) (a7765c9e7822a3a7e31a46f7609dd2b5) \Device\Harddisk0\DR0\Partition1

12:30:33.0379 19996 \Device\Harddisk0\DR0\Partition1 - ok

12:30:33.0379 19996 ============================================================

12:30:33.0379 19996 Scan finished

12:30:33.0379 19996 ============================================================

12:30:33.0395 19988 Detected object count: 1

12:30:33.0395 19988 Actual detected object count: 1

12:30:47.0372 19988 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine

12:30:47.0700 19988 Backup copy found, using it..

12:30:47.0731 19988 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot

12:30:51.0038 19988 netbt ( Virus.Win32.ZAccess.k ) - User select action: Cure

12:30:54.0502 19940 Deinitialize success

Please delete that copy of combofix and download a new one. Try to run that. If it still doesn't work, please do the following:

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).

* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

Ok, I went into safe mode with networking again, deleted combofix, and downloaded it again. I turned off all virus and malware blockers, ran it from the desktop, and ran it by choosing Run as Administrator. Still got the same error. So while still in Safe Mode, I downloaded Junction and ran it as instructed. Below is the text from the log:

Junction Log

Junction v1.06 - Windows junction creator and reparse point viewer

Copyright © 2000-2010 Mark Russinovich

Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION

Print Name : C:\Users

Substitute Name: C:\Users

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\System Volume Information: Access is denied.

.\\?\c:\\ProgramData\Application Data: JUNCTION

Print Name : C:\ProgramData

Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION

Print Name : C:\Users\Public\Desktop

Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION

Print Name : C:\Users\Public\Documents

Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION

Print Name : C:\Users\Public\Favorites

Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION

Print Name : C:\ProgramData\Microsoft\Windows\Start Menu

Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION

Print Name : C:\ProgramData\Microsoft\Windows\Templates

Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

..\\?\c:\\Users\All Users: SYMBOLIC LINK

Print Name : C:\ProgramData

Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION

Print Name : C:\Users\Default

Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION

Print Name : C:\ProgramData

Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION

Print Name : C:\Users\Public\Desktop

Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION

Print Name : C:\Users\Public\Documents

Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION

Print Name : C:\Users\Public\Favorites

Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION

Print Name : C:\ProgramData\Microsoft\Windows\Start Menu

Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION

Print Name : C:\ProgramData\Microsoft\Windows\Templates

Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

\\?\c:\\Users\Christie\Application Data: JUNCTION

Print Name : C:\Users\Christie\AppData\Roaming

Substitute Name: C:\Users\Christie\AppData\Roaming

\\?\c:\\Users\Christie\Cookies: JUNCTION

Print Name : C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Cookies

Substitute Name: C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Christie\Local Settings: JUNCTION

Print Name : C:\Users\Christie\AppData\Local

Substitute Name: C:\Users\Christie\AppData\Local

\\?\c:\\Users\Christie\My Documents: JUNCTION

Print Name : C:\Users\Christie\Documents

Substitute Name: C:\Users\Christie\Documents

\\?\c:\\Users\Christie\NetHood: JUNCTION

Print Name : C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Network Shortcuts

Substitute Name: C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Christie\PrintHood: JUNCTION

Print Name : C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

Substitute Name: C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Christie\Recent: JUNCTION

Print Name : C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Recent

Substitute Name: C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Christie\SendTo: JUNCTION

Print Name : C:\Users\Christie\AppData\Roaming\Microsoft\Windows\SendTo

Substitute Name: C:\Users\Christie\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Christie\Start Menu: JUNCTION

Print Name : C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Start Menu

Substitute Name: C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Christie\Templates: JUNCTION

Print Name : C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Templates

Substitute Name: C:\Users\Christie\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Christie\AppData\Local\Application Data: JUNCTION

Print Name : C:\Users\Christie\AppData\Local

Substitute Name: C:\Users\Christie\AppData\Local

\\?\c:\\Users\Christie\AppData\Local\History: JUNCTION

Print Name : C:\Users\Christie\AppData\Local\Microsoft\Windows\History

Substitute Name: C:\Users\Christie\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Christie\AppData\Local\Temporary Internet Files: JUNCTION

Print Name : C:\Users\Christie\AppData\Local\Microsoft\Windows\Temporary Internet Files

Substitute Name: C:\Users\Christie\AppData\Local\Microsoft\Windows\Temporary Internet Files

.\\?\c:\\Users\Christie\AppData\LocalLow\PlayReady: JUNCTION

Print Name : C:\ProgramData\Microsoft\PlayReady

Substitute Name: C:\ProgramData\Microsoft\PlayReady

\\?\c:\\Users\Christie\Documents\My Music: JUNCTION

Print Name : C:\Users\Christie\Music

Substitute Name: C:\Users\Christie\Music

\\?\c:\\Users\Christie\Documents\My Pictures: JUNCTION

Print Name : C:\Users\Christie\Pictures

Substitute Name: C:\Users\Christie\Pictures

\\?\c:\\Users\Christie\Documents\My Videos: JUNCTION

Print Name : C:\Users\Christie\Videos

Substitute Name: C:\Users\Christie\Videos

..\\?\c:\\Users\Default\Application Data: JUNCTION

Print Name : C:\Users\Default\AppData\Roaming

Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Cookies: JUNCTION

Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Default\Local Settings: JUNCTION

Print Name : C:\Users\Default\AppData\Local

Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION

Print Name : C:\Users\Default\Documents

Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION

Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION

Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION

Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION

Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION

Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION

Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION

Print Name : C:\Users\Default\AppData\Local

Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION

Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History

Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION

Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION

Print Name : C:\Users\Default\Music

Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION

Print Name : C:\Users\Default\Pictures

Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION

Print Name : C:\Users\Default\Videos

Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Kids\Application Data: JUNCTION

Print Name : C:\Users\Kids\AppData\Roaming

Substitute Name: C:\Users\Kids\AppData\Roaming

\\?\c:\\Users\Kids\Cookies: JUNCTION

Print Name : C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Cookies

Substitute Name: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Kids\Local Settings: JUNCTION

Print Name : C:\Users\Kids\AppData\Local

Substitute Name: C:\Users\Kids\AppData\Local

\\?\c:\\Users\Kids\My Documents: JUNCTION

Print Name : C:\Users\Kids\Documents

Substitute Name: C:\Users\Kids\Documents

\\?\c:\\Users\Kids\NetHood: JUNCTION

Print Name : C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Network Shortcuts

Substitute Name: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Kids\PrintHood: JUNCTION

Print Name : C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

Substitute Name: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Kids\Recent: JUNCTION

Print Name : C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Recent

Substitute Name: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Kids\SendTo: JUNCTION

Print Name : C:\Users\Kids\AppData\Roaming\Microsoft\Windows\SendTo

Substitute Name: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Kids\Start Menu: JUNCTION

Print Name : C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu

Substitute Name: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Kids\Templates: JUNCTION

Print Name : C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Templates

Substitute Name: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Kids\AppData\Local\Application Data: JUNCTION

Print Name : C:\Users\Kids\AppData\Local

Substitute Name: C:\Users\Kids\AppData\Local

\\?\c:\\Users\Kids\AppData\Local\History: JUNCTION

Print Name : C:\Users\Kids\AppData\Local\Microsoft\Windows\History

Substitute Name: C:\Users\Kids\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Kids\AppData\Local\Temporary Internet Files: JUNCTION

Print Name : C:\Users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files

Substitute Name: C:\Users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DF89D9.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DF89DE.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DF8A19.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DF8A1E.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DF8A48.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DF8A4D.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFA103.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFA8A0.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFA8AC.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFA980.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFA994.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFAA84.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFAA89.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFC475.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFCDB6.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFD92E.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFEDAD.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFFEDD.tmp: Access is denied.

Failed to open \\?\c:\\Users\Kids\AppData\Local\Temp\~DFFF61.tmp: Access is denied.

..\\?\c:\\Users\Kids\Documents\My Music: JUNCTION

Print Name : C:\Users\Kids\Music

Substitute Name: C:\Users\Kids\Music

\\?\c:\\Users\Kids\Documents\My Pictures: JUNCTION

Print Name : C:\Users\Kids\Pictures

Substitute Name: C:\Users\Kids\Pictures

\\?\c:\\Users\Kids\Documents\My Videos: JUNCTION

Print Name : C:\Users\Kids\Videos

Substitute Name: C:\Users\Kids\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION

Print Name : C:\Users\Public\Music

Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION

Print Name : C:\Users\Public\Pictures

Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION

Print Name : C:\Users\Public\Videos

Substitute Name: C:\Users\Public\Videos

Failed to open \\?\c:\\Windows\$NtUninstallKB38885$: Access is denied.

Failed to open \\?\c:\\Windows\bthservsdp.dat: Access is denied.

Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.


Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a_secur32.dll_8d4d0a15: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.16922_none_c5603d92a849343f.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.16922_none_c5603d92a849343f_msasn1.dll_e56dbc57: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msls31_31bf3856ad364e35_6.0.6000.16386_none_c9c911baa588ad17.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msls31_31bf3856ad364e35_6.0.6000.16386_none_c9c911baa588ad17_msls31.dll_8d36fcb7: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5_msxml3.dll_eaee1698: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5_msxml3r.dll_d752d00e: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8_msxml6.dll_ebe15265: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8_msxml6r.dll_d8460bdb: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b_netio.sys_a06e75d0: Access is denied.

.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.17021_none_6a356140b70bfd67.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.17021_none_6a356140b70bfd67_ntkrnlpa.exe_165c312a: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.17021_none_6a356140b70bfd67_ntoskrnl.exe_0fb0ab79: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5_schannel.dll_7364eaa8: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.17025_none_7d9a6dfd5402bf7e.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.17025_none_7d9a6dfd5402bf7e_mrxsmb.sys_cf1a02fc: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7_netiomig.dll_917b9a36: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7_netiougc.exe_94123cfe: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7_tcpip.sys_3339bd51: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7_tcpipcfg.dll_e3a99e8a: Access is denied.

.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.4.7600.226_en-us_3eed8fc4903631e2.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.4.7600.226_en-us_3eed8fc4903631e2_wuaueng.dll.mui_297f975d: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc_win32k.sys_0d7a6fb3: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6000.16984_none_ed7582999d27906b.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6000.16984_none_ed7582999d27906b_wintrust.dll_abec426a: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7_gdiplus.dll_423f7010: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.16782_none_8df276136273e58e.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.16782_none_8df276136273e58e_gdiplus.dll_423f7010: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16913_none_22dff16cc5023274.manifest: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16913_none_22dff16cc5023274_winhttp.dll_6cd72d6e: Access is denied.

.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_help_windows_en-us_b594929e73669c5e.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_inf_iem_0409_99b22b312bb4378f.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_policydefinitions_89130cdfc4d9c27c.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_servicing_gc32_972ee38cf65a9c2f.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_licensing_ppdlic_e4dbfd5267861904.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_common_files_microsoft_shared_vgx_3c86fd9f0b3afd9b.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_internet_explorer_en-us_2650c83f8a48b821.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_movie_maker_ed8d29f9f8ff4e89.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms: Access is denied.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_windows_media_player_en-us_94ff97943fc617cd.cdf-ms: Access is denied.

.

Failed to open \\?\c:\\Windows\winsxs\FileMaps\_0000000000000000.cdf-ms: Access is denied.

..

...

...

...

...

...

...

...

...

Failed to open \\?\c:\\Windows\winsxs\Temp\PendingRenames: Access is denied.

...

...

...

...

...

...

...

...

...

.


Here you go.

TDSS Log

10:32:33.0485 13564 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46

10:32:33.0910 13564 ============================================================

10:32:33.0910 13564 Current date / time: 2012/02/08 10:32:33.0909

10:32:33.0910 13564 SystemInfo:

10:32:33.0910 13564

10:32:33.0910 13564 OS Version: 6.0.6000 ServicePack: 0.0

10:32:33.0910 13564 Product type: Workstation

10:32:33.0910 13564 ComputerName: FAMILY-DESKTOP

10:32:33.0910 13564 UserName: Christie

10:32:33.0910 13564 Windows directory: C:\Windows

10:32:33.0910 13564 System windows directory: C:\Windows

10:32:33.0910 13564 Processor architecture: Intel x86

10:32:33.0910 13564 Number of processors: 2

10:32:33.0910 13564 Page size: 0x1000

10:32:33.0910 13564 Boot type: Normal boot

10:32:33.0910 13564 ============================================================

10:32:34.0322 13564 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

10:32:34.0325 13564 \Device\Harddisk0\DR0:

10:32:34.0325 13564 MBR used

10:32:34.0325 13564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1400000

10:32:34.0325 13564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1414000, BlocksNum 0x115F1000

10:32:34.0386 13564 Initialize success

10:32:34.0386 13564 ============================================================

10:32:51.0001 13200 ============================================================

10:32:51.0001 13200 Scan started

10:32:51.0001 13200 Mode: Manual;

10:32:51.0001 13200 ============================================================

10:32:58.0224 13200 netbt (5fdc78f18a3bcf5cd19f28a5a9e6eda1) C:\Windows\system32\DRIVERS\netbt.sys

10:32:58.0224 13200 netbt ( Virus.Win32.ZAccess.c ) - infected

10:32:58.0224 13200 netbt - detected Virus.Win32.ZAccess.c (0)

10:33:03.0122 13200 ============================================================

10:33:03.0122 13200 Scan finished

10:33:03.0122 13200 ============================================================

10:33:03.0138 4340 Detected object count: 1

10:33:03.0138 4340 Actual detected object count: 1

10:33:14.0604 4340 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine

10:33:14.0604 4340 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813

10:33:18.0098 4340 Backup copy found, using it..

10:33:18.0098 4340 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot

10:33:21.0078 4340 netbt ( Virus.Win32.ZAccess.c ) - User select action: Cure

10:33:25.0836 13688 Deinitialize success


I reran it. It found the same thing but in a slightly different way. I pasted below just the last part of the log which only covers what was detected so you can compare it to the previous log.

13:54:46.0640 5852 ============================================================

13:54:46.0640 5852 Scan finished

13:54:46.0640 5852 ============================================================

13:54:46.0655 0260 Detected object count: 1

13:54:46.0655 0260 Actual detected object count: 1

13:55:26.0248 0260 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine

13:55:29.0493 0260 Backup copy not found, trying to cure infected file..

13:55:29.0509 0260 Cure success, using it..

13:55:29.0524 0260 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot

13:55:32.0519 0260 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure

13:56:40.0723 2888 Deinitialize success

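The two log tails posted above differ in which driver was flagged and in whether a clean backup copy was available. As an added example (not part of the thread or of the scanner itself), this Python sketch parses those log lines and flags a verdict that reappears on a different driver after a cure; the function names and the comparison heuristic are assumptions.

```python
import re

# Excerpts from the two scanner logs posted in this thread
# (raw strings keep the Windows backslashes literal).
RUN_1 = r"""
10:32:58.0224 13200 netbt ( Virus.Win32.ZAccess.c ) - infected
10:33:03.0138 4340 Detected object count: 1
10:33:14.0604 4340 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
10:33:18.0098 4340 Backup copy found, using it..
10:33:18.0098 4340 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
10:33:21.0078 4340 netbt ( Virus.Win32.ZAccess.c ) - User select action: Cure
"""
RUN_2 = r"""
13:54:46.0655 0260 Detected object count: 1
13:55:26.0248 0260 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
13:55:29.0493 0260 Backup copy not found, trying to cure infected file..
13:55:29.0509 0260 Cure success, using it..
13:55:29.0524 0260 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot
13:55:32.0519 0260 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure
"""

# "<time> <thread id> <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (.*)$")
ACTION = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)$")
FILE_EVENT = re.compile(r"^(\S.*) - (copied to quarantine|will be cured on reboot)$")

def detections(log):
    """Map service name -> details for each object the scanner acted on.

    File events precede the line that names the service, so they are
    buffered and attached when the 'User select action' line arrives.
    """
    out, pending = {}, {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (f := FILE_EVENT.match(msg)):
            key = "quarantined" if f.group(2).startswith("copied") else "reboot_pending"
            pending["path"], pending[key] = f.group(1), True
        elif msg.startswith("Backup copy"):
            pending["clean_backup"] = "not found" not in msg
        elif (a := ACTION.match(msg)):
            out[a.group(1)] = dict(pending, verdict=a.group(2), action=a.group(3))
            pending = {}
    return out

def moved_targets(earlier, later):
    """Heuristic (assumption): the same verdict on a different driver after a
    cure suggests the infection was still active between the two runs."""
    seen = {d["verdict"] for d in earlier.values()}
    return sorted(s for s, d in later.items()
                  if d["verdict"] in seen and s not in earlier)

if __name__ == "__main__":
    first, second = detections(RUN_1), detections(RUN_2)
    print(first, second, moved_targets(first, second), sep="\n")
```
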

Let's just try this a bit differently.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt
    Please note - all text entries are case sensitive

Copy and paste the report.txt for my review


  • 2 months later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
