Hello.

My operating system is Windows XP.

I was working online when AV Guard Online popped up. I could not exit from it; task manager would not even come up; and the computer froze. I was unable to bring the computer up without AV Guard Online popping up every time. When I brought it up in safe mode I could still see the AV Guard icon but it did not pop up to interfere this time. I was able to run SpyBot S & D, but it didn't find anything. I tried to run Malwarebytes AntiMalware and started quick scan. It looked like it was working for a few seconds but it disappeared into thin air. So I did a System Restore to a date 5 days previous. After that, I did not see AV Guard Online anywhere and have not seen it since.

However, since that time the computer often freezes and the task bar is beige instead of blue. Clicking on Mozilla Firefox will sometimes bring up the internet and other times nothing at all happens. When I do get on the internet, we may be able to work for awhile until it starts typing very slowly, or until it freezes and we have to use the computer off button to shut down. Also, often while on the internet, a new tab will open with an advertisement that I cannot close - without the computer freezing.

Working in safe mode (as I am typing now), I tried installing Malwarebytes with many of the suggestions found in FAQ. (http://forums.malwarebytes.org/index.php?showtopic=85715&st=0&p=434004entry434004). I uninstalled everything each time before installing again. Every time, Malwarebytes would start running in quick scan, but it would seem to progress for a few seconds and then totally disappear.

Let me know if you need any more info. Hope you can help. Thanks so much.


Hello and welcome.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Hello. Thank you very much.

Here is the DDS.txt Log

Thank you for your help.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Administrator at 11:21:22 on 2011-10-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.77 [GMT -4:00]

.

FW: McAfee Personal Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\1093985662:2166016958.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Documents and Settings\All Users\Application Data\Renaissance Wireless Server\Renaissance Wireless Server.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

uInternet Settings,ProxyServer = http=127.0.0.1:6092

uInternet Settings,ProxyOverride = <local>;*.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AhIeBho Class: {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - c:\program files\zoomtext 9.1\ahoi\ah_ie_bho.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"

mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"

mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\renais~1.lnk - c:\windows\installer\{9328927c-ba9e-439c-ba1e-8eb3bd8fb6e0}\_C167998F9359606FC11225.exe

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

Trusted Zone: jcfb.org\trackit

Trusted Zone: utexas.edu\www.austin

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

TCP: Interfaces\{6220C2CC-F16C-4B82-ACAB-CAA7551B1CEB} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{6220C2CC-F16C-4B82-ACAB-CAA7551B1CEB} : DhcpNameServer = 68.87.73.246 68.87.71.230

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\l1rs2srb.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\l1rs2srb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\l1rs2srb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536]

R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2010-1-25 7680]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-6-6 203280]

R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-7-27 91392]

S2 AsUsbDrvXP;AsUsbDrvXP;c:\windows\system32\drivers\AsUsbDrvXP.sys [2010-8-27 17792]

S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]

S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-7-27 25856]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-6 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-6 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-6-6 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-6-6 40552]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-7-27 42752]

.

=============== Created Last 30 ================

.

2011-10-08 21:07:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-08 21:06:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 20:35:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-06 01:31:27 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-06 01:31:27 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-17 03:15:09 30774 ----a-w- C:\mail.google.com

2011-09-17 03:14:03 30774 ----a-w- C:\peterdude.com

2011-09-17 03:12:51 30774 ----a-w- C:\peter.com

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-04 00:01:58 15340944 ----a-w- C:\CeltxSetup-2.9.1.exe

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

.

============= FINISH: 11:24:01.89 ===============

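A triage pass over the DDS log posted above, as an added example that is not part of the original thread or of DDS itself. It flags three kinds of entry: a running image whose path contains a second colon (an NTFS alternate data stream), an Internet Explorer proxy pointing at loopback, and an auto-start service that is stopped with its file marked `[?]`. The names `triage` and `Finding` are hypothetical, and the reading of the `R`/`S` prefix as running/stopped, the digit as start type (2 = automatic) and `[?]` as "file could not be read" is an assumption about DDS output.

```python
import re
from typing import List, NamedTuple

# A subset of lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\1093985662:2166016958.exe
C:\WINDOWS\system32\spoolsv.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6092
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 385536]
S2 AsUsbDrvXP;AsUsbDrvXP;c:\windows\system32\drivers\AsUsbDrvXP.sys [2010-8-27 17792]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
"""

# "===== Section Name =====" header lines.
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
# Drive-letter path with a second colon that is not part of "://":
# the text after that colon names an alternate data stream.
ADS_IMAGE = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\/\s]")
# Per-user or machine-wide IE proxy setting.
PROXY = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")
LOOPBACK = re.compile(r"(127(?:\.\d{1,3}){3}|localhost):(\d+)")
# "<R|S><start type> name;display name;image path and details"
SERVICE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")


class Finding(NamedTuple):
    rule: str
    detail: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that deserve a closer look, in log order."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # DDS pads its output with blank and "." lines
        header = SECTION.match(line)
        if header:
            section = header.group(1).lower()
            continue

        if section == "running processes" and ADS_IMAGE.match(line):
            findings.append(Finding(
                "ads-image",
                "process image is an NTFS alternate data stream", line))

        elif section == "pseudo hjt report":
            proxy = PROXY.match(line)
            hit = LOOPBACK.search(proxy.group(1)) if proxy else None
            if hit:
                findings.append(Finding(
                    "loopback-proxy",
                    "IE proxy set to loopback port %s; identify the "
                    "listening process" % hit.group(2), line))

        elif section == "services / drivers":
            svc = SERVICE.match(line)
            # Assumption: S = stopped, 2 = automatic start, [?] = unreadable.
            if (svc and svc.group(1) == "S" and svc.group(2) == "2"
                    and svc.group(5).rstrip().endswith("[?]")):
                findings.append(Finding(
                    "autostart-missing",
                    "auto-start service '%s' is stopped and its file "
                    "could not be read" % svc.group(4), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.rule, f.detail, f.line))
```

The rules are heuristics for deciding which lines to investigate first; a hit is not a verdict on its own.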

Hello, unfortunately you have a nasty rootkit on your computer. Please read the following first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hello, thank you for informing me of this.

I have disconnected that PC from the internet for now. What would you think of the idea of using ComboFix to kill the thing, so that I can get the files that I want to save off the computer, and then just scrapping that computer and getting a new one?

Thank you for your help and advice thus far!


I know you may not be at liberty to voice an opinion on this, but if I do the ComboFix, which I fully intend to do probably tomorrow, would it help with the "at riskness" of my computer if, after getting rid of the virus, I had something like Norton or MBAM Pro? Or do you think it would still be at the same risk level of having something like this occur again, like you said previously? I'm kinda just looking for your opinion.

Once again thanks! I'll post the log tomorrow after I run ComboFix.


Hello.

Thank you for your help. I ran ComboFix. Here is the log. Please let me know if/what else we need to do. Thanks again.

ComboFix 11-10-10.04 - Administrator 10/10/2011 20:13:20.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.723 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\My Documents\~WRL0295.tmp

c:\windows\$NtUninstallKB46427$\1600107542

c:\windows\$NtUninstallKB46427$\2128950337\@

c:\windows\$NtUninstallKB46427$\2128950337\bckfg.tmp

c:\windows\$NtUninstallKB46427$\2128950337\cfg.ini

c:\windows\$NtUninstallKB46427$\2128950337\Desktop.ini

c:\windows\$NtUninstallKB46427$\2128950337\keywords

c:\windows\$NtUninstallKB46427$\2128950337\kwrd.dll

c:\windows\$NtUninstallKB46427$\2128950337\L\wekonaun

c:\windows\$NtUninstallKB46427$\2128950337\lsflt7.ver

c:\windows\$NtUninstallKB46427$\2128950337\U\00000001.$

c:\windows\$NtUninstallKB46427$\2128950337\U\00000001.@

c:\windows\$NtUninstallKB46427$\2128950337\U\00000002.@

c:\windows\$NtUninstallKB46427$\2128950337\U\80000000.@

c:\windows\$NtUninstallKB46427$\2128950337\U\80000032.@

c:\windows\system32\d3d9caps.dat

c:\windows\$NtUninstallKB46427$ . . . . Failed to delete

.

c:\windows\system32\drivers\Cdr4_xp.sys . . . is infected!! . . . Failed to find a valid replacement.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_7ee53441

.

.

((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))

.

.

2011-10-08 21:07 . 2011-10-08 21:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-08 21:06 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 20:35 . 2011-10-08 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-08 01:16 . 2011-10-08 01:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-10-08 01:16 . 2011-10-08 01:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2011-10-06 01:31 . 2011-10-06 01:31 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-17 03:15 . 2011-09-17 03:15 30774 ----a-w- C:\mail.google.com

2011-09-17 03:14 . 2011-09-17 03:14 30774 ----a-w- C:\peterdude.com

2011-09-17 03:12 . 2011-09-17 03:14 30774 ----a-w- C:\peter.com

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2008-04-14 09:41 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-04 00:01 . 2011-09-04 00:02 15340944 ----a-w- C:\CeltxSetup-2.9.1.exe

2011-07-15 13:29 . 2008-04-14 04:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 868352]

"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-22 319488]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Renaissance Wireless Server.lnk - c:\windows\Installer\{9328927C-BA9E-439C-BA1E-8EB3BD8FB6E0}\_C167998F9359606FC11225.exe [2011-3-24 22486]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Project Sirius\\Feedback3.jar"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [1/25/2010 10:55 PM 7680]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/6/2010 10:07 PM 203280]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [7/27/2010 8:38 PM 91392]

S2 AsUsbDrvXP;AsUsbDrvXP;c:\windows\system32\drivers\AsUsbDrvXP.sys [8/27/2010 12:46 PM 17792]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [7/27/2010 8:38 PM 25856]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/27/2010 8:38 PM 42752]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

2011-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-117609710-1177238915-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-06 19:57]

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-117609710-1177238915-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-06 19:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/

uInternet Settings,ProxyServer = http=127.0.0.1:6092

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: jcfb.org\trackit

Trusted Zone: utexas.edu\www.austin

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

TCP: Interfaces\{6220C2CC-F16C-4B82-ACAB-CAA7551B1CEB}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l1rs2srb.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-10 20:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-861567501-117609710-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,0c,2b,54,54,db,5f,4d,bd,44,06,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,0c,2b,54,54,db,5f,4d,bd,44,06,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3644)

c:\windows\system32\WININET.dll

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\ieframe.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\crypserv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee\MSK\MskSrver.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

c:\program files\iPod\bin\iPodService.exe

c:\documents and settings\All Users\Application Data\Renaissance Wireless Server\Renaissance Wireless Server.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Motorola\MotoConnectService\MotoConnect.exe

.

**************************************************************************

.

Completion time: 2011-10-10 20:36:07 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-11 00:36

.

Pre-Run: 53,606,764,544 bytes free

Post-Run: 53,872,074,752 bytes free

.

- - End Of File - - AB46B92DA36189DD41E038CA295C106B


Hi again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Hello. I ran the scan and it didn't find any problems. Here is the log. Thank you.

17:55:59.0859 3180 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06

17:56:00.0140 3180 ============================================================

17:56:00.0140 3180 Current date / time: 2011/10/11 17:56:00.0140

17:56:00.0140 3180 SystemInfo:

17:56:00.0140 3180

17:56:00.0140 3180 OS Version: 5.1.2600 ServicePack: 3.0

17:56:00.0140 3180 Product type: Workstation

17:56:00.0140 3180 ComputerName: JCS-0123

17:56:00.0140 3180 UserName: Administrator

17:56:00.0140 3180 Windows directory: C:\WINDOWS

17:56:00.0140 3180 System windows directory: C:\WINDOWS

17:56:00.0140 3180 Processor architecture: Intel x86

17:56:00.0140 3180 Number of processors: 2

17:56:00.0140 3180 Page size: 0x1000

17:56:00.0140 3180 Boot type: Normal boot

17:56:00.0140 3180 ============================================================

17:56:01.0593 3180 Initialize success

17:56:04.0906 3272 ============================================================

17:56:04.0906 3272 Scan started

17:56:04.0906 3272 Mode: Manual;

17:56:04.0906 3272 ============================================================

17:56:13.0953 3272 ============================================================

17:56:13.0953 3272 Scan finished

17:56:13.0953 3272 ============================================================

17:56:13.0968 3260 Detected object count: 0

17:56:13.0968 3260 Actual detected object count: 0

17:56:31.0296 3348 ============================================================

17:56:31.0296 3348 Scan started

17:56:31.0296 3348 Mode: Manual;

17:56:31.0296 3348 ============================================================


17:56:34.0078 3348 Kbdclass - ok

17:56:34.0093 3348 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:56:34.0093 3348 kbdhid - ok

17:56:34.0140 3348 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:56:34.0140 3348 kmixer - ok

17:56:34.0218 3348 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:56:34.0218 3348 KSecDD - ok

17:56:34.0234 3348 lbrtfdc - ok

17:56:34.0312 3348 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys

17:56:34.0312 3348 mfeavfk - ok

17:56:34.0343 3348 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys

17:56:34.0343 3348 mfebopk - ok

17:56:34.0390 3348 mfehidk (4546e896c64e24f9409bf3345560dafa) C:\WINDOWS\system32\drivers\mfehidk.sys

17:56:34.0390 3348 mfehidk - ok

17:56:34.0453 3348 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

17:56:34.0468 3348 mferkdk - ok

17:56:34.0515 3348 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

17:56:34.0515 3348 mfesmfk - ok

17:56:34.0593 3348 mmc_2K (5e7f122b025c798e11146cd17c645eae) C:\WINDOWS\system32\drivers\mmc_2K.sys

17:56:34.0593 3348 mmc_2K - ok

17:56:34.0656 3348 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:56:34.0656 3348 mnmdd - ok

17:56:34.0703 3348 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:56:34.0703 3348 Modem - ok

17:56:34.0750 3348 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys

17:56:34.0750 3348 MotDev - ok

17:56:34.0828 3348 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:56:34.0828 3348 Mouclass - ok

17:56:34.0906 3348 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:56:34.0906 3348 mouhid - ok

17:56:34.0906 3348 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:56:34.0906 3348 MountMgr - ok

17:56:34.0968 3348 MPFP (136157e79849b9e5316ba4008d6075a8) C:\WINDOWS\system32\Drivers\Mpfp.sys

17:56:34.0968 3348 MPFP - ok

17:56:34.0968 3348 mraid35x - ok

17:56:34.0984 3348 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:56:34.0984 3348 MRxDAV - ok

17:56:35.0062 3348 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:56:35.0062 3348 MRxSmb - ok

17:56:35.0078 3348 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:56:35.0078 3348 Msfs - ok

17:56:35.0140 3348 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:56:35.0140 3348 MSKSSRV - ok

17:56:35.0218 3348 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:56:35.0218 3348 MSPCLOCK - ok

17:56:35.0218 3348 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:56:35.0218 3348 MSPQM - ok

17:56:35.0281 3348 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:56:35.0281 3348 mssmbios - ok

17:56:35.0312 3348 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:56:35.0312 3348 Mup - ok

17:56:35.0359 3348 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:56:35.0359 3348 NDIS - ok

17:56:35.0437 3348 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:56:35.0437 3348 NdisTapi - ok

17:56:35.0515 3348 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:56:35.0515 3348 Ndisuio - ok

17:56:35.0546 3348 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:56:35.0546 3348 NdisWan - ok

17:56:35.0625 3348 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:56:35.0625 3348 NDProxy - ok

17:56:35.0625 3348 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:56:35.0625 3348 NetBIOS - ok

17:56:35.0640 3348 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:56:35.0640 3348 NetBT - ok

17:56:35.0718 3348 NetworkX (285fd4aa8c264c1665b96186db3009b6) C:\WINDOWS\system32\ckldrv.sys

17:56:35.0718 3348 NetworkX - ok

17:56:35.0734 3348 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:56:35.0734 3348 Npfs - ok

17:56:35.0812 3348 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:56:35.0828 3348 Ntfs - ok

17:56:35.0843 3348 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:56:35.0843 3348 Null - ok

17:56:35.0906 3348 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:56:35.0906 3348 NwlnkFlt - ok

17:56:35.0921 3348 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:56:35.0921 3348 NwlnkFwd - ok

17:56:35.0953 3348 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:56:35.0953 3348 Parport - ok

17:56:35.0953 3348 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:56:35.0953 3348 PartMgr - ok

17:56:36.0015 3348 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:56:36.0015 3348 ParVdm - ok

17:56:36.0046 3348 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:56:36.0062 3348 PCI - ok

17:56:36.0062 3348 PCIDump - ok

17:56:36.0078 3348 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:56:36.0078 3348 PCIIde - ok

17:56:36.0109 3348 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:56:36.0109 3348 Pcmcia - ok

17:56:36.0109 3348 PDCOMP - ok

17:56:36.0125 3348 PDFRAME - ok

17:56:36.0125 3348 PDRELI - ok

17:56:36.0140 3348 PDRFRAME - ok

17:56:36.0140 3348 perc2 - ok

17:56:36.0156 3348 perc2hib - ok

17:56:36.0187 3348 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:56:36.0187 3348 PptpMiniport - ok

17:56:36.0203 3348 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:56:36.0203 3348 PSched - ok

17:56:36.0234 3348 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:56:36.0234 3348 Ptilink - ok

17:56:36.0296 3348 pwd_2k (a5c7d812354cfb50f308e684417b2282) C:\WINDOWS\system32\drivers\pwd_2k.sys

17:56:36.0296 3348 pwd_2k - ok

17:56:36.0296 3348 ql1080 - ok

17:56:36.0312 3348 Ql10wnt - ok

17:56:36.0328 3348 ql12160 - ok

17:56:36.0328 3348 ql1240 - ok

17:56:36.0343 3348 ql1280 - ok

17:56:36.0343 3348 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:56:36.0343 3348 RasAcd - ok

17:56:36.0421 3348 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:56:36.0421 3348 Rasl2tp - ok

17:56:36.0421 3348 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:56:36.0421 3348 RasPppoe - ok

17:56:36.0437 3348 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:56:36.0437 3348 Raspti - ok

17:56:36.0453 3348 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:56:36.0453 3348 Rdbss - ok

17:56:36.0468 3348 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:56:36.0468 3348 RDPCDD - ok

17:56:36.0546 3348 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:56:36.0546 3348 rdpdr - ok

17:56:36.0593 3348 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

17:56:36.0593 3348 RDPWD - ok

17:56:36.0656 3348 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:56:36.0656 3348 redbook - ok

17:56:36.0703 3348 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:56:36.0703 3348 Secdrv - ok

17:56:36.0828 3348 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

17:56:36.0843 3348 senfilt - ok

17:56:36.0921 3348 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:56:36.0921 3348 serenum - ok

17:56:36.0937 3348 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

17:56:36.0937 3348 Serial - ok

17:56:36.0953 3348 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:56:36.0953 3348 Sfloppy - ok

17:56:36.0968 3348 Simbad - ok

17:56:37.0046 3348 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

17:56:37.0046 3348 smwdm - ok

17:56:37.0062 3348 Sparrow - ok

17:56:37.0078 3348 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:56:37.0078 3348 splitter - ok

17:56:37.0140 3348 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:56:37.0140 3348 sr - ok

17:56:37.0203 3348 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:56:37.0218 3348 Srv - ok

17:56:37.0234 3348 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:56:37.0234 3348 swenum - ok

17:56:37.0250 3348 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:56:37.0250 3348 swmidi - ok

17:56:37.0250 3348 symc810 - ok

17:56:37.0265 3348 symc8xx - ok

17:56:37.0265 3348 sym_hi - ok

17:56:37.0281 3348 sym_u3 - ok

17:56:37.0296 3348 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:56:37.0296 3348 sysaudio - ok

17:56:37.0375 3348 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:56:37.0390 3348 Tcpip - ok

17:56:37.0421 3348 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:56:37.0421 3348 TDPIPE - ok

17:56:37.0453 3348 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:56:37.0453 3348 TDTCP - ok

17:56:37.0484 3348 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:56:37.0484 3348 TermDD - ok

17:56:37.0500 3348 TosIde - ok

17:56:37.0546 3348 UdfReadr_xp (6facbcd4bfb3cfe2e5e178c2f8143077) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys

17:56:37.0546 3348 UdfReadr_xp - ok

17:56:37.0562 3348 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:56:37.0578 3348 Udfs - ok

17:56:37.0609 3348 ultra - ok

17:56:37.0687 3348 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:56:37.0687 3348 Update - ok

17:56:37.0750 3348 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

17:56:37.0750 3348 usbaudio - ok

17:56:37.0812 3348 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:56:37.0812 3348 usbccgp - ok

17:56:37.0890 3348 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:56:37.0890 3348 usbehci - ok

17:56:37.0968 3348 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:56:37.0968 3348 usbhub - ok

17:56:38.0000 3348 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:56:38.0000 3348 usbprint - ok

17:56:38.0062 3348 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:56:38.0062 3348 usbscan - ok

17:56:38.0125 3348 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:56:38.0125 3348 USBSTOR - ok

17:56:38.0140 3348 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:56:38.0156 3348 usbuhci - ok

17:56:38.0203 3348 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:56:38.0218 3348 VgaSave - ok

17:56:38.0218 3348 ViaIde - ok

17:56:38.0250 3348 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:56:38.0250 3348 VolSnap - ok

17:56:38.0265 3348 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:56:38.0265 3348 Wanarp - ok

17:56:38.0328 3348 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

17:56:38.0328 3348 Wdf01000 - ok

17:56:38.0328 3348 WDICA - ok

17:56:38.0390 3348 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:56:38.0406 3348 wdmaud - ok

17:56:38.0484 3348 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

17:56:38.0484 3348 WpdUsb - ok

17:56:38.0562 3348 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:56:38.0562 3348 WudfPf - ok

17:56:38.0593 3348 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:56:38.0593 3348 WudfRd - ok

17:56:38.0625 3348 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:56:38.0765 3348 \Device\Harddisk0\DR0 - ok

17:56:38.0765 3348 Boot (0x1200) (fc54f12c1b294a00c5f1f96c33042643) \Device\Harddisk0\DR0\Partition0

17:56:38.0765 3348 \Device\Harddisk0\DR0\Partition0 - ok

17:56:38.0765 3348 ============================================================

17:56:38.0765 3348 Scan finished

17:56:38.0765 3348 ============================================================

17:56:38.0781 3288 Detected object count: 0

17:56:38.0781 3288 Actual detected object count: 0

17:56:47.0843 3356 ============================================================

17:56:47.0843 3356 Scan started

17:56:47.0843 3356 Mode: Manual;

17:56:47.0843 3356 ============================================================

17:56:47.0984 3356 Abiosdsk - ok

17:56:48.0000 3356 abp480n5 - ok

17:56:48.0046 3356 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:56:48.0046 3356 ACPI - ok

17:56:48.0093 3356 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:56:48.0093 3356 ACPIEC - ok

17:56:48.0093 3356 adpu160m - ok

17:56:48.0140 3356 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:56:48.0140 3356 aec - ok

17:56:48.0234 3356 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

17:56:48.0234 3356 AFD - ok

17:56:48.0312 3356 Aha154x - ok

17:56:48.0375 3356 Ai2sXP (0e47d2a7a9530d6cd2a64d1140499d19) C:\WINDOWS\System32\drivers\Ai2sXP.sys

17:56:48.0375 3356 Ai2sXP - ok

17:56:48.0375 3356 aic78u2 - ok

17:56:48.0390 3356 aic78xx - ok

17:56:48.0390 3356 AliIde - ok

17:56:48.0406 3356 amsint - ok

17:56:48.0468 3356 androidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\WINDOWS\system32\Drivers\motoandroid.sys

17:56:48.0468 3356 androidusb - ok

17:56:48.0484 3356 asc - ok

17:56:48.0500 3356 asc3350p - ok

17:56:48.0500 3356 asc3550 - ok

17:56:48.0578 3356 AsUsbDrvXP (ecf7fc1f5a7c77b3870333f0f977c1bf) C:\WINDOWS\system32\DRIVERS\AsUsbDrvXP.sys

17:56:48.0578 3356 AsUsbDrvXP - ok

17:56:48.0625 3356 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:56:48.0625 3356 AsyncMac - ok

17:56:48.0640 3356 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:56:48.0640 3356 atapi - ok

17:56:48.0656 3356 Atdisk - ok

17:56:48.0687 3356 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:56:48.0687 3356 Atmarpc - ok

17:56:48.0750 3356 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:56:48.0750 3356 audstub - ok

17:56:48.0812 3356 b57w2k (1ca87e228e9aed459d6439b9ace5089c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

17:56:48.0812 3356 b57w2k - ok

17:56:48.0875 3356 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:56:48.0875 3356 Beep - ok

17:56:48.0875 3356 catchme - ok

17:56:48.0921 3356 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:56:48.0921 3356 cbidf2k - ok

17:56:48.0937 3356 cd20xrnt - ok

17:56:48.0984 3356 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:56:48.0984 3356 Cdaudio - ok

17:56:49.0031 3356 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:56:49.0031 3356 Cdfs - ok

17:56:49.0078 3356 Cdr4_xp (f3b4a24cb52737ad4b8cd271370b5290) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

17:56:49.0078 3356 Cdr4_xp - ok

17:56:49.0093 3356 Cdralw2k (c911a4f1a849a3a3e3a255c3bce4197c) C:\WINDOWS\system32\drivers\Cdralw2k.sys

17:56:49.0093 3356 Cdralw2k - ok

17:56:49.0156 3356 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:56:49.0156 3356 Cdrom - ok

17:56:49.0218 3356 cdudf_xp (3e0feb75975ab2ea1c0fc13014cdc910) C:\WINDOWS\system32\drivers\cdudf_xp.sys

17:56:49.0218 3356 cdudf_xp - ok

17:56:49.0218 3356 Changer - ok

17:56:49.0234 3356 CmdIde - ok

17:56:49.0250 3356 Cpqarray - ok

17:56:49.0265 3356 dac2w2k - ok

17:56:49.0281 3356 dac960nt - ok

17:56:49.0328 3356 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:56:49.0328 3356 Disk - ok

17:56:49.0390 3356 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:56:49.0390 3356 dmboot - ok

17:56:49.0406 3356 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:56:49.0406 3356 dmio - ok

17:56:49.0453 3356 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:56:49.0453 3356 dmload - ok

17:56:49.0500 3356 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:56:49.0500 3356 DMusic - ok

17:56:49.0515 3356 dpti2o - ok

17:56:49.0578 3356 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:56:49.0578 3356 drmkaud - ok

17:56:49.0609 3356 DVDVRRdr_xp (3722882edc0fb17bc363e34747112953) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys

17:56:49.0609 3356 DVDVRRdr_xp - ok

17:56:49.0625 3356 dvd_2K (fe2ae8bf2f60cbab253dd04b99c6072c) C:\WINDOWS\system32\drivers\dvd_2K.sys

17:56:49.0625 3356 dvd_2K - ok

17:56:49.0687 3356 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:56:49.0687 3356 Fastfat - ok

17:56:49.0812 3356 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

17:56:49.0812 3356 Fdc - ok

17:56:49.0828 3356 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:56:49.0828 3356 Fips - ok

17:56:49.0843 3356 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:56:49.0843 3356 Flpydisk - ok

17:56:49.0890 3356 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:56:49.0890 3356 FltMgr - ok

17:56:49.0937 3356 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:56:49.0937 3356 Fs_Rec - ok

17:56:49.0953 3356 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:56:49.0953 3356 Ftdisk - ok

17:56:50.0046 3356 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:56:50.0046 3356 GEARAspiWDM - ok

17:56:50.0062 3356 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:56:50.0062 3356 Gpc - ok

17:56:50.0125 3356 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:56:50.0125 3356 hidusb - ok

17:56:50.0125 3356 hpn - ok

17:56:50.0203 3356 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

17:56:50.0203 3356 HPZid412 - ok

17:56:50.0265 3356 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

17:56:50.0265 3356 HPZipr12 - ok

17:56:50.0296 3356 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

17:56:50.0296 3356 HPZius12 - ok

17:56:50.0343 3356 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:56:50.0343 3356 HTTP - ok

17:56:50.0359 3356 i2omgmt - ok

17:56:50.0375 3356 i2omp - ok

17:56:50.0437 3356 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

17:56:50.0437 3356 i8042prt - ok

17:56:50.0546 3356 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

17:56:50.0546 3356 ialm - ok

17:56:50.0625 3356 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:56:50.0625 3356 Imapi - ok

17:56:50.0640 3356 ini910u - ok

17:56:50.0656 3356 IntelIde - ok

17:56:50.0703 3356 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:56:50.0703 3356 intelppm - ok

17:56:50.0718 3356 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

17:56:50.0718 3356 Ip6Fw - ok

17:56:50.0781 3356 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:56:50.0781 3356 IpFilterDriver - ok

17:56:50.0796 3356 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:56:50.0796 3356 IpInIp - ok

17:56:50.0828 3356 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:56:50.0828 3356 IpNat - ok

17:56:50.0875 3356 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:56:50.0875 3356 IPSec - ok

17:56:50.0906 3356 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:56:50.0921 3356 IRENUM - ok

17:56:50.0937 3356 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:56:50.0937 3356 isapnp - ok

17:56:51.0000 3356 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:56:51.0000 3356 Kbdclass - ok

17:56:51.0015 3356 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:56:51.0015 3356 kbdhid - ok

17:56:51.0109 3356 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:56:51.0109 3356 kmixer - ok

17:56:51.0187 3356 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:56:51.0187 3356 KSecDD - ok

17:56:51.0234 3356 lbrtfdc - ok

17:56:51.0328 3356 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys

17:56:51.0328 3356 mfeavfk - ok

17:56:51.0359 3356 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys

17:56:51.0359 3356 mfebopk - ok

17:56:51.0406 3356 mfehidk (4546e896c64e24f9409bf3345560dafa) C:\WINDOWS\system32\drivers\mfehidk.sys

17:56:51.0406 3356 mfehidk - ok

17:56:51.0468 3356 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

17:56:51.0468 3356 mferkdk - ok

17:56:51.0531 3356 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

17:56:51.0531 3356 mfesmfk - ok

17:56:51.0593 3356 mmc_2K (5e7f122b025c798e11146cd17c645eae) C:\WINDOWS\system32\drivers\mmc_2K.sys

17:56:51.0593 3356 mmc_2K - ok

17:56:51.0656 3356 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:56:51.0656 3356 mnmdd - ok

17:56:51.0718 3356 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:56:51.0718 3356 Modem - ok

17:56:51.0765 3356 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys

17:56:51.0765 3356 MotDev - ok

17:56:51.0828 3356 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:56:51.0828 3356 Mouclass - ok

17:56:51.0890 3356 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:56:51.0890 3356 mouhid - ok

17:56:51.0890 3356 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:56:51.0890 3356 MountMgr - ok

17:56:51.0953 3356 MPFP (136157e79849b9e5316ba4008d6075a8) C:\WINDOWS\system32\Drivers\Mpfp.sys

17:56:51.0953 3356 MPFP - ok

17:56:51.0968 3356 mraid35x - ok

17:56:51.0984 3356 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:56:51.0984 3356 MRxDAV - ok

17:56:52.0078 3356 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:56:52.0078 3356 MRxSmb - ok

17:56:52.0093 3356 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:56:52.0093 3356 Msfs - ok

17:56:52.0156 3356 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:56:52.0156 3356 MSKSSRV - ok

17:56:52.0218 3356 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:56:52.0218 3356 MSPCLOCK - ok

17:56:52.0234 3356 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:56:52.0234 3356 MSPQM - ok

17:56:52.0296 3356 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:56:52.0296 3356 mssmbios - ok

17:56:52.0328 3356 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:56:52.0328 3356 Mup - ok

17:56:52.0390 3356 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:56:52.0390 3356 NDIS - ok

17:56:52.0453 3356 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:56:52.0453 3356 NdisTapi - ok

17:56:52.0515 3356 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:56:52.0531 3356 Ndisuio - ok

17:56:52.0593 3356 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:56:52.0593 3356 NdisWan - ok

17:56:52.0656 3356 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:56:52.0656 3356 NDProxy - ok

17:56:52.0671 3356 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:56:52.0671 3356 NetBIOS - ok

17:56:52.0734 3356 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:56:52.0750 3356 NetBT - ok

17:56:52.0812 3356 NetworkX (285fd4aa8c264c1665b96186db3009b6) C:\WINDOWS\system32\ckldrv.sys

17:56:52.0812 3356 NetworkX - ok

17:56:52.0828 3356 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:56:52.0828 3356 Npfs - ok

17:56:52.0906 3356 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:56:52.0906 3356 Ntfs - ok

17:56:52.0968 3356 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:56:52.0984 3356 Null - ok

17:56:53.0031 3356 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:56:53.0031 3356 NwlnkFlt - ok

17:56:53.0046 3356 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:56:53.0046 3356 NwlnkFwd - ok

17:56:53.0140 3356 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:56:53.0140 3356 Parport - ok

17:56:53.0171 3356 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:56:53.0171 3356 PartMgr - ok

17:56:53.0203 3356 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:56:53.0203 3356 ParVdm - ok

17:56:53.0234 3356 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:56:53.0250 3356 PCI - ok

17:56:53.0250 3356 PCIDump - ok

17:56:53.0265 3356 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:56:53.0265 3356 PCIIde - ok

17:56:53.0281 3356 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:56:53.0281 3356 Pcmcia - ok

17:56:53.0296 3356 PDCOMP - ok

17:56:53.0296 3356 PDFRAME - ok

17:56:53.0312 3356 PDRELI - ok

17:56:53.0312 3356 PDRFRAME - ok

17:56:53.0328 3356 perc2 - ok

17:56:53.0328 3356 perc2hib - ok

17:56:53.0359 3356 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:56:53.0359 3356 PptpMiniport - ok

17:56:55.0843 3356 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:56:55.0984 3356 \Device\Harddisk0\DR0 - ok

17:56:55.0984 3356 Boot (0x1200) (fc54f12c1b294a00c5f1f96c33042643) \Device\Harddisk0\DR0\Partition0

17:56:55.0984 3356 \Device\Harddisk0\DR0\Partition0 - ok

17:56:55.0984 3356 ============================================================

17:56:55.0984 3356 Scan finished

17:56:55.0984 3356 ============================================================

17:56:56.0000 3352 Detected object count: 0

17:56:56.0000 3352 Actual detected object count: 0

Link to post
Share on other sites

Hi, that looks better already. Let's see if there are any files that need permissions reset.

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).

* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

Link to post
Share on other sites

Thank you again! We appreciate all your help.

Here is the log:

Junction v1.06 - Windows junction creator and reparse point viewer

Copyright © 2000-2010 Mark Russinovich

Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.

Failed to open \\?\c:\\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\TeaTimer.exe: Access is denied.

Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

No reparse points found.

Link to post
Share on other sites

Please let me know how everything is running after the following steps.

Please download GrantPerms.zip and save it to your desktop.

Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe

Copy and paste the following in the edit box:

c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Click Unlock. When it is done click "OK".

Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

Link to post
Share on other sites
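
The step from the Junction log to the GrantPerms list in the reply above, as an added example that is not part of the original posts: it separates "Access is denied" failures from files that are merely in use and keeps the executables. The function names and the `.exe` filter are assumptions made for the illustration, and the sample log is constructed from the lines posted in the thread.

```python
import re

# Constructed sample: the "Failed to open" lines from the Junction log posted
# in this thread, with a few progress-dot lines interleaved.
SAMPLE_LOG = r"""
Junction v1.06 - Windows junction creator and reparse point viewer
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.
.
Failed to open \\?\c:\\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe: Access is denied.
..
Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\TeaTimer.exe: Access is denied.
.
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
...No reparse points found.
"""

# "Failed to open <path>: <reason>." The \\?\ long-path prefix is optional.
# The path ends at the first colon followed by a space, so "c:\" is not split.
FAILED_RE = re.compile(
    r"^Failed to open (?:\\\\\?\\)?(?P<path>.+?): (?P<reason>.+?)\.?$"
)

ACCESS_DENIED = "Access is denied"


def parse_failures(log_text):
    """Return a (path, reason) tuple for every file Junction could not open."""
    failures = []
    for line in log_text.splitlines():      # splitlines() also handles CRLF logs
        m = FAILED_RE.match(line.strip())
        if not m:
            continue                        # banner, progress dots, summary line
        # The log shows a doubled backslash after the drive letter; collapse it.
        path = m.group("path").replace("\\\\", "\\")
        failures.append((path, m.group("reason")))
    return failures


def acl_locked_paths(log_text):
    """Paths refused with 'Access is denied' rather than a file-in-use error."""
    return [p for p, reason in parse_failures(log_text) if reason == ACCESS_DENIED]


def unlock_candidates(log_text, extensions=(".exe",)):
    """Access-denied paths with one of the given extensions (assumed filter).

    The reply in the thread lists the three executables for GrantPerms and
    does not list the Qoobox\\BackEnv folder; the filter reproduces that list.
    """
    return [p for p in acl_locked_paths(log_text) if p.lower().endswith(extensions)]


def has_reparse_points(log_text):
    """False when Junction reported that it found no reparse points."""
    return "No reparse points found" not in log_text


if __name__ == "__main__":
    for path in unlock_candidates(SAMPLE_LOG):
        print(path)                         # one path per line for the edit box
```
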

Hello. Once again, thank you for your time!

Here is the permissions list:

GrantPerms by Farbar

Ran by Administrator at 2011-10-13 14:03:33

===============================================

\\?\c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):

BUILTIN\Administrators FULL ALLOW (NI)

NT AUTHORITY\SYSTEM FULL ALLOW (NI)

BUILTIN\Users READ/EXECUTE ALLOW (NI)

\\?\c:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):

BUILTIN\Administrators FULL ALLOW (NI)

NT AUTHORITY\SYSTEM FULL ALLOW (NI)

BUILTIN\Users READ/EXECUTE ALLOW (NI)

\\?\c:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):

BUILTIN\Administrators FULL ALLOW (NI)

NT AUTHORITY\SYSTEM FULL ALLOW (NI)

BUILTIN\Users READ/EXECUTE ALLOW (NI)

Link to post
Share on other sites

Hello, and thank you!

I ran the dds. I hope I am posting it correctly. I could not figure out how to make a notepad item into a zip file but I copied it to Word and then zipped it, so I hope that's okay. If you would like it in a different format, please let me know.

And again, thank you so very much.

Attach.zip

Link to post
Share on other sites

Hi, that works as well. :)

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "JDK 7 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.

Link to post
Share on other sites

Hi again. Wow, it's been a long process, hasn't it? :) Thank you for working with me through all this.

Okay, here is the log from the MBAM scan:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7944

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/14/2011 10:55:03 AM

mbam-log-2011-10-14 (10-55-03).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 282190

Time elapsed: 2 hour(s), 22 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\administrator\application data\Sun\Java\deployment\cache\6.0\15\455b38f-3c8ff35c (Rootkit.0Access) -> Quarantined and deleted successfully.

c:\system volume information\_restore{973c6583-6caf-4570-a8e3-da440297329f}\RP746\A0106550.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Hi, that is looking good! Any problem left?

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.

Link to post
Share on other sites

Hello, and thank you.

I haven't observed any more problems. The task bar remains beige instead of blue, but I don't mind, unless it means anything it shouldn't. :)

Okay, I ran the ESET scanner and below are the results. Thank you again!

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\23\44f61317-33ac6801 multiple threats deleted - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\14\6163e64e-452bfb46 Java/Agent.DS trojan deleted - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\704dc34-21952f8a a variant of Java/TrojanDownloader.OpenStream.NCM trojan deleted - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\53\61999af5-7c5884ec Java/Agent.DU trojan deleted - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\6835cff6-609e5635 Java/Agent.DU trojan deleted - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106306.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106318.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106322.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106448.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106459.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106468.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106477.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106487.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106492.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106503.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106507.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP745\A0106512.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0106726.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0106744.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0107744.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0108744.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0108766.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0109766.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0110766.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0110775.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0111775.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0111781.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0111791.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0112791.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0112797.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0112811.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0112844.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0113844.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0113868.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0113885.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0114885.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0115885.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0116885.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0117885.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0118885.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0118907.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0118925.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0118936.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0119936.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0120936.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0121936.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0121964.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0121971.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0121985.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0121999.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP746\A0122999.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP747\A0123069.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{973C6583-6CAF-4570-A8E3-DA440297329F}\RP748\A0124069.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\drivers\cdr4_xp.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

Link to post
Share on other sites

P.S. This just came up while I was at a website: "We see that you are using an older web browser (Mozilla Firefox 3) which has security issues. You also may not see all of the features on websites without a browser update. Learn how to update your browser." The last line was a link but I didn't want to click on it, in case it was not really Firefox; however, when I go to the Firefox website, it says it looks like we have an older version...and offers 7.0.1. Do you think I should download and use the newer version of Firefox?

Also, would you recommend I get Malwarebytes Pro and/or Norton to protect the computer better?

Thank you for all your help.

Link to post
Share on other sites

Hi, you can change the color of the taskbar in the Desktop Properties (right click desktop > Properties). If you can't find the option there, let me know and I'll have a look for it.

Can you please test if your CD/DVD drive and burning software is still functioning properly?

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

This topic is now closed to further replies.