
Yet another lovely bundle of viruses/trojans/spyware/malware or something


  • This topic is locked
5 replies to this topic

#1 tigergrrl


Posted 23 September 2009 - 04:48 PM

Hi everyone,

This is the first issue to bring me to "bleeping" -- thanks again for any help that you can offer me!

Garmanma helped me to get a log from Win32kDiag, which I am attaching here, and then directed me here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/259392/i-think-i-have-a-nasty-rootkit-cant-run-rootrepeal-or-dds/ ~ OB I'm essentially having similar sorts of browser re-direct issues and blue screen crashes like others are describing, and I can't really access anything (though I can see my desktop) except when I am in safe mode. I can't run DDS or RootRepeal, and all antivirus programs I've tried have crashed. Garmanma told me to mention that this attached log is the only thing that I have been able to run successfully.

Here's my Win32kDiag log:


Running from: C:\Users\rwhite2\Desktop\Win32kDiag.exe

Log file at : C:\Users\rwhite2\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5CA0.tmp\ZAP5CA0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAD9C.tmp\ZAPAD9C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD078.tmp\ZAPD078.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPED1C.tmp\ZAPED1C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\biolsp patch\biolsp patch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Preboot Manager\Preboot Manager

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\tsp patch\tsp patch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\upekmsi\upekmsi

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Wave Infrastructure\Wave Infrastructure

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\mail\mail

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Tours\htmlTour\htmlTour

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Tours\mmTour\mmTour

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Tours\WindowsMediaPlayer\Audio\Wav\Wav

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Tours\WindowsMediaPlayer\Cnt\Cnt

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Tours\WindowsMediaPlayer\Css\Css

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Tours\WindowsMediaPlayer\Img\Btn\Btn

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Tours\WindowsMediaPlayer\Img\WMarks\WMarks

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Tours\WindowsMediaPlayer\Scr\Scr

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Tours\WindowsMediaPlayer\Video\Video

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\IME\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\IME\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\IME\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\IME\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\IME\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\IME\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\IME\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\IME\shared\res\res

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\inf\drvindex.dat

[1] 2009-02-16 17:04:19 665600 C:\Windows\inf\drvindex.dat ()



Found mount point : C:\Windows\inf\en-US\en-US

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\inf\INFCACHE.1

[1] 2009-07-22 11:54:45 1707464 C:\Windows\inf\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\chs\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\cht\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\deu\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\enu\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\esp\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\fra\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\ita\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\jpn\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\kor\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\hdmi\ptb\INFCACHE.1 ()

[1] 2007-10-24 18:02:04 4128 C:\Windows\System32\Lang\INFCACHE.1 ()

[1] 2008-05-12 16:31:47 1423568 C:\i386\INFCACHE.1 ()



Cannot access: C:\Windows\inf\infpub.dat

[1] 2009-07-22 11:54:43 51200 C:\Windows\inf\infpub.dat ()



Cannot access: C:\Windows\inf\infstor.dat

[1] 2009-07-22 11:54:42 86016 C:\Windows\inf\infstor.dat ()



Cannot access: C:\Windows\inf\infstrng.dat

[1] 2009-07-22 11:54:42 86016 C:\Windows\inf\infstrng.dat ()



Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\17400AB28230347339DBAF1833357A38\3.1.21022\3.1.21022

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\3.0.6920

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\ReassembledDrivers\ReassembledDrivers

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Performance\WinSAT\DataStore\DataStore

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Resources\Themes\Luna\Shell\Homestead\Homestead

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Resources\Themes\Luna\Shell\Metallic\Metallic

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Resources\Themes\Luna\Shell\NormalColor\NormalColor

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\cngaudit.dll

[2] 2006-11-02 04:46:03 11776 C:\Windows\System32\cngaudit(570).dll (Microsoft Corporation)

[1] 2006-11-02 04:46:03 61952 C:\Windows\System32\cngaudit.dll ()

[2] 2006-11-02 04:46:03 11776 C:\Windows\System32\logevent.dll (Microsoft Corporation)

[2] 2006-11-02 04:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit(362).dll (Microsoft Corporation)

[1] 2006-11-02 04:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\1394bus.sys

[1] 2006-11-02 03:55:12 53376 C:\Windows\System32\drivers\1394bus.sys ()

[1] 2006-11-02 03:55:12 53376 C:\Windows\System32\DriverStore\FileRepository\1394.inf_1c635995\1394bus.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:28 53376 C:\Windows\Temp\SPI2138.tmp\x86_1394.inf_31bf3856ad364e35_6.0.6001.18000_none_fb2f569f05e7f212\1394bus.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:28 53376 C:\Windows\Temp\SPIF7C1.tmp\x86_1394.inf_31bf3856ad364e35_6.0.6001.18000_none_fb2f569f05e7f212\1394bus.sys (Microsoft Corporation)

[1] 2004-08-03 23:10:08 53248 C:\i386\1394bus.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\acpi.sys

[1] 2006-11-02 04:51:30 255592 C:\Windows\System32\drivers\acpi.sys ()

[1] 2006-11-02 04:51:30 255592 C:\Windows\System32\DriverStore\FileRepository\acpi.inf_97916753\acpi.sys (Microsoft Corporation)

[1] 2008-01-19 00:43:04 266808 C:\Windows\Temp\SPI2138.tmp\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\acpi.sys (Microsoft Corporation)

[1] 2008-01-19 00:43:04 266808 C:\Windows\Temp\SPIF7C1.tmp\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\acpi.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 187776 C:\i386\acpi.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\atapi(569).sys

[1] 2006-11-02 04:49:36 19048 C:\Windows\System32\drivers\atapi(569).sys ()



Cannot access: C:\Windows\System32\drivers\atapi.sys

[1] 2006-11-02 04:49:36 19048 C:\Windows\System32\drivers\atapi.sys ()

[1] 2006-11-02 04:49:36 19048 C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:32 21560 C:\Windows\Temp\SPI2138.tmp\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:32 21560 C:\Windows\Temp\SPIF7C1.tmp\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys (Microsoft Corporation)

[1] 2004-08-03 22:59:44 95360 C:\i386\atapi.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\ataport.sys

[1] 2006-11-02 04:50:41 107112 C:\Windows\System32\drivers\ataport.sys ()

[1] 2006-11-02 04:50:41 107112 C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\ataport.sys (Microsoft Corporation)

[1] 2008-01-19 00:43:08 110136 C:\Windows\Temp\SPI2138.tmp\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\ataport.sys (Microsoft Corporation)

[1] 2008-01-19 00:43:08 110136 C:\Windows\Temp\SPIF7C1.tmp\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\ataport.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\battc.sys

[1] 2006-11-02 04:49:47 25192 C:\Windows\System32\drivers\battc.sys ()

[1] 2006-11-02 04:49:47 25192 C:\Windows\System32\DriverStore\FileRepository\acpi.inf_97916753\battc.sys (Microsoft Corporation)

[1] 2006-11-02 04:49:47 25192 C:\Windows\System32\DriverStore\FileRepository\battery.inf_f4c53ba5\battc.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:40 28216 C:\Windows\Temp\SPI2138.tmp\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\battc.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:40 28216 C:\Windows\Temp\SPI2138.tmp\x86_battery.inf_31bf3856ad364e35_6.0.6001.18000_none_162792ec53d025b0\battc.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:40 28216 C:\Windows\Temp\SPIF7C1.tmp\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\battc.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:40 28216 C:\Windows\Temp\SPIF7C1.tmp\x86_battery.inf_31bf3856ad364e35_6.0.6001.18000_none_162792ec53d025b0\battc.sys (Microsoft Corporation)

[1] 2001-08-17 13:57:54 14080 C:\i386\battc.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\cdrom.sys

[1] 2006-11-02 03:51:44 67072 C:\Windows\System32\drivers\cdrom.sys ()

[1] 2006-11-02 03:51:44 67072 C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:52 67072 C:\Windows\Temp\SPI2138.tmp\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:52 67072 C:\Windows\Temp\SPIF7C1.tmp\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 49536 C:\i386\cdrom.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\CmBatt.sys

[1] 2006-11-02 03:35:03 14208 C:\Windows\System32\drivers\CmBatt.sys ()

[1] 2006-11-02 03:35:03 14208 C:\Windows\System32\DriverStore\FileRepository\battery.inf_f4c53ba5\CmBatt.sys (Microsoft Corporation)

[1] 2008-01-18 22:32:48 14208 C:\Windows\Temp\SPI2138.tmp\x86_battery.inf_31bf3856ad364e35_6.0.6001.18000_none_162792ec53d025b0\cmbatt.sys (Microsoft Corporation)

[1] 2008-01-18 22:32:48 14208 C:\Windows\Temp\SPIF7C1.tmp\x86_battery.inf_31bf3856ad364e35_6.0.6001.18000_none_162792ec53d025b0\cmbatt.sys (Microsoft Corporation)

[1] 2004-08-03 23:07:40 14080 C:\i386\CmBatt.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\disk.sys

[1] 2006-11-02 04:49:51 52840 C:\Windows\System32\drivers\disk.sys ()

[1] 2006-11-02 04:49:51 52840 C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:22 55352 C:\Windows\Temp\SPI2138.tmp\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:22 55352 C:\Windows\Temp\SPIF7C1.tmp\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 36352 C:\i386\disk.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\Dot4.sys

[1] 2006-11-02 03:51:04 131584 C:\Windows\System32\drivers\Dot4.sys ()

[1] 2006-11-02 03:51:04 131584 C:\Windows\System32\DriverStore\FileRepository\dot4.inf_024c3483\Dot4.sys (Microsoft Corporation)

[2] 2005-10-21 20:58:52 49920 C:\Windows\System32\DRVSTORE\hpzid413_639F44A9178C7A20A614BAD0D95ED0F717C1CAE9\drivers\dot4\Win2000\HPZid412.sys (HP)

[2] 2005-10-21 20:58:52 49920 C:\Windows\System32\DRVSTORE\hpzipa13_4E25546121E63B9D66B7252BF9079CA9374E33DA\drivers\dot4\Win2000\HPZid412.sys (HP)

[2] 2005-10-21 20:58:52 49920 C:\Windows\System32\DRVSTORE\hpzius13_3FE30AA926D072AD94378092FA3E1C6C873EFC9F\drivers\dot4\Win2000\hpzid412.sys (HP)

[1] 2008-01-18 22:49:14 131584 C:\Windows\Temp\SPI2138.tmp\x86_dot4.inf_31bf3856ad364e35_6.0.6001.18000_none_dc7405a5dc041870\dot4.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:14 131584 C:\Windows\Temp\SPIF7C1.tmp\x86_dot4.inf_31bf3856ad364e35_6.0.6001.18000_none_dc7405a5dc041870\dot4.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\Dot4Prt.sys

[1] 2006-11-02 03:51:02 16384 C:\Windows\System32\drivers\Dot4Prt.sys ()

[1] 2006-11-02 03:51:02 16384 C:\Windows\System32\DriverStore\FileRepository\dot4prt.inf_7ef448bf\Dot4Prt.sys (Microsoft Corporation)

[2] 2005-10-21 20:58:58 16496 C:\Windows\System32\DRVSTORE\hpzipa13_4E25546121E63B9D66B7252BF9079CA9374E33DA\drivers\dot4\Win2000\HPzipr12.sys (HP)

[2] 2005-10-21 20:58:58 16496 C:\Windows\System32\DRVSTORE\hpzipr13_B6E7260393C4003917E417E5D9BD7A1F1D498C63\drivers\dot4\Win2000\HPZipr12.sys (HP)

[2] 2005-10-21 20:58:58 16496 C:\Windows\System32\DRVSTORE\hpzius13_3FE30AA926D072AD94378092FA3E1C6C873EFC9F\drivers\dot4\Win2000\hpzipr12.sys (HP)

[1] 2008-01-18 22:49:10 16384 C:\Windows\Temp\SPI2138.tmp\x86_dot4prt.inf_31bf3856ad364e35_6.0.6001.18000_none_6d3b23766cb698be\dot4prt.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:10 16384 C:\Windows\Temp\SPIF7C1.tmp\x86_dot4prt.inf_31bf3856ad364e35_6.0.6001.18000_none_6d3b23766cb698be\dot4prt.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\Dot4usb.sys

[1] 2006-11-02 03:51:03 36864 C:\Windows\System32\drivers\Dot4usb.sys ()

[1] 2006-11-02 03:51:03 36864 C:\Windows\System32\DriverStore\FileRepository\dot4.inf_024c3483\Dot4usb.sys (Microsoft Corporation)

[2] 2005-10-21 20:52:48 21568 C:\Windows\System32\DRVSTORE\hpzipa13_4E25546121E63B9D66B7252BF9079CA9374E33DA\drivers\dot4\Win2000\HPZius12.sys (HP)

[2] 2005-10-21 20:52:48 21568 C:\Windows\System32\DRVSTORE\hpzius13_3FE30AA926D072AD94378092FA3E1C6C873EFC9F\drivers\dot4\Win2000\HPZius12.sys (HP)

[2] 2005-10-21 20:52:52 16800 C:\Windows\System32\DRVSTORE\hpzius13_3FE30AA926D072AD94378092FA3E1C6C873EFC9F\drivers\dot4\WinxP\Hppaufd0.sys (HP)

[1] 2008-01-18 22:49:12 36864 C:\Windows\Temp\SPI2138.tmp\x86_dot4.inf_31bf3856ad364e35_6.0.6001.18000_none_dc7405a5dc041870\dot4usb.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:12 36864 C:\Windows\Temp\SPIF7C1.tmp\x86_dot4.inf_31bf3856ad364e35_6.0.6001.18000_none_dc7405a5dc041870\dot4usb.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\drmk.sys

[1] 2006-11-02 04:20:50 130048 C:\Windows\System32\drivers\drmk.sys ()

[1] 2006-11-02 04:20:50 130048 C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_1493ef6e\drmk.sys (Microsoft Corporation)

[1] 2008-01-18 23:53:04 130048 C:\Windows\Temp\SPI2138.tmp\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\drmk.sys (Microsoft Corporation)

[1] 2008-01-18 23:53:04 130048 C:\Windows\Temp\SPIF7C1.tmp\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\drmk.sys (Microsoft Corporation)

[1] 2004-08-03 23:08:00 60288 C:\i386\drmk.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\drmkaud.sys

[1] 2006-11-02 03:54:59 5632 C:\Windows\System32\drivers\drmkaud.sys ()

[1] 2006-11-02 03:54:59 5632 C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_1493ef6e\drmkaud.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:18 5632 C:\Windows\Temp\SPI2138.tmp\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\drmkaud.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:18 5632 C:\Windows\Temp\SPIF7C1.tmp\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\drmkaud.sys (Microsoft Corporation)

[1] 2004-08-03 23:07:58 2944 C:\i386\drmkaud.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\hdaudbus.sys

[1] 2006-11-02 02:36:49 53248 C:\Windows\System32\drivers\hdaudbus.sys ()

[1] 2006-11-02 02:36:49 53248 C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_55037da4\hdaudbus.sys (Microsoft Corporation)

[1] 2008-01-18 21:30:50 53760 C:\Windows\Temp\SPI2138.tmp\x86_hdaudbus.inf_31bf3856ad364e35_6.0.6001.18000_none_772192e1868720e9\hdaudbus.sys (Microsoft Corporation)

[1] 2008-01-18 21:30:50 53760 C:\Windows\Temp\SPIF7C1.tmp\x86_hdaudbus.inf_31bf3856ad364e35_6.0.6001.18000_none_772192e1868720e9\hdaudbus.sys (Microsoft Corporation)

[1] 2004-08-12 17:45:54 137728 C:\i386\Hdaudbus.sys (Windows ® Server 2003 DDK provider)



Cannot access: C:\Windows\System32\drivers\HdAudio.sys

[1] 2006-11-02 02:36:49 235520 C:\Windows\System32\drivers\HdAudio.sys ()

[1] 2006-11-02 02:36:49 235520 C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_2e4e0e52\HdAudio.sys (Microsoft Corporation)

[1] 2004-08-12 17:45:52 113664 C:\i386\Hdaudio.sys (Windows ® Server 2003 DDK provider)



Cannot access: C:\Windows\System32\drivers\hidclass.sys

[1] 2006-11-02 03:55:01 38912 C:\Windows\System32\drivers\hidclass.sys ()

[1] 2006-11-02 03:55:01 38912 C:\Windows\System32\DriverStore\FileRepository\input.inf_53578522\hidclass.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:18 38912 C:\Windows\Temp\SPI2138.tmp\x86_input.inf_31bf3856ad364e35_6.0.6001.18000_none_206f99c7201dafdb\hidclass.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:18 38912 C:\Windows\Temp\SPIF7C1.tmp\x86_input.inf_31bf3856ad364e35_6.0.6001.18000_none_206f99c7201dafdb\hidclass.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 36224 C:\i386\hidclass.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\hidparse.sys

[1] 2006-11-02 03:55:00 25472 C:\Windows\System32\drivers\hidparse.sys ()

[1] 2006-11-02 03:55:00 25472 C:\Windows\System32\DriverStore\FileRepository\input.inf_53578522\hidparse.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:18 25472 C:\Windows\Temp\SPI2138.tmp\x86_input.inf_31bf3856ad364e35_6.0.6001.18000_none_206f99c7201dafdb\hidparse.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:18 25472 C:\Windows\Temp\SPIF7C1.tmp\x86_input.inf_31bf3856ad364e35_6.0.6001.18000_none_206f99c7201dafdb\hidparse.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 24960 C:\i386\hidparse.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\hidusb.sys

[1] 2006-11-02 03:55:01 12288 C:\Windows\System32\drivers\hidusb.sys ()

[1] 2006-11-02 03:55:01 12288 C:\Windows\System32\DriverStore\FileRepository\input.inf_53578522\hidusb.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:18 12288 C:\Windows\Temp\SPI2138.tmp\x86_input.inf_31bf3856ad364e35_6.0.6001.18000_none_206f99c7201dafdb\hidusb.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:18 12288 C:\Windows\Temp\SPIF7C1.tmp\x86_input.inf_31bf3856ad364e35_6.0.6001.18000_none_206f99c7201dafdb\hidusb.sys (Microsoft Corporation)

[1] 2001-08-17 15:02:20 9600 C:\i386\hidusb.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\i8042prt.sys

[1] 2006-11-02 03:51:13 54784 C:\Windows\System32\drivers\i8042prt.sys ()

[1] 2006-11-02 03:51:13 54784 C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\i8042prt.sys (Microsoft Corporation)

[1] 2006-11-02 03:51:13 54784 C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\i8042prt.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:20 54784 C:\Windows\Temp\SPI2138.tmp\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\i8042prt.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:20 54784 C:\Windows\Temp\SPI2138.tmp\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\i8042prt.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:20 54784 C:\Windows\Temp\SPIF7C1.tmp\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\i8042prt.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:20 54784 C:\Windows\Temp\SPIF7C1.tmp\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\i8042prt.sys (Microsoft Corporation)

[1] 2007-12-05 21:18:29 54784 C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\i8042prt.sys (Microsoft Corporation)

[1] 2007-12-05 21:25:39 54784 C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys (Microsoft Corporation)

[1] 2007-12-05 21:18:29 54784 C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys (Microsoft Corporation)

[1] 2007-12-05 21:25:39 54784 C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys (Microsoft Corporation)

[1] 2004-08-03 23:14:38 52736 C:\i386\i8042prt.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\kbdclass.sys

[1] 2006-11-02 04:49:57 32872 C:\Windows\System32\drivers\kbdclass.sys ()

[1] 2006-11-02 04:49:57 32872 C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdclass.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:54 35384 C:\Windows\Temp\SPI2138.tmp\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdclass.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:54 35384 C:\Windows\Temp\SPIF7C1.tmp\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdclass.sys (Microsoft Corporation)

[1] 2007-12-05 23:22:14 35384 C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdclass.sys (Microsoft Corporation)

[1] 2007-12-05 23:14:53 35384 C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdclass.sys (Microsoft Corporation)

[1] 2004-08-03 22:58:34 24576 C:\i386\kbdclass.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\kbdhid.sys

[1] 2006-11-02 03:51:12 15872 C:\Windows\System32\drivers\kbdhid.sys ()

[1] 2006-11-02 03:51:12 15872 C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdhid.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:18 15872 C:\Windows\Temp\SPI2138.tmp\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdhid.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:18 15872 C:\Windows\Temp\SPIF7C1.tmp\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdhid.sys (Microsoft Corporation)

[1] 2007-12-05 21:18:27 15872 C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdhid.sys (Microsoft Corporation)

[1] 2007-12-05 21:25:37 15872 C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdhid.sys (Microsoft Corporation)

[1] 2004-08-03 23:58:36 14848 C:\i386\kbdhid.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\mouclass.sys

[1] 2006-11-02 04:49:54 31848 C:\Windows\System32\drivers\mouclass.sys ()

[1] 2006-11-02 04:49:54 31848 C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\mouclass.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:54 34360 C:\Windows\Temp\SPI2138.tmp\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\mouclass.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:54 34360 C:\Windows\Temp\SPIF7C1.tmp\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\mouclass.sys (Microsoft Corporation)

[1] 2007-12-05 23:22:13 34360 C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\mouclass.sys (Microsoft Corporation)

[1] 2007-12-05 23:14:51 34360 C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\mouclass.sys (Microsoft Corporation)

[1] 2004-08-03 22:58:34 23040 C:\i386\mouclass.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\mouhid.sys

[1] 2006-11-02 03:51:12 15872 C:\Windows\System32\drivers\mouhid.sys ()

[1] 2006-11-02 03:51:12 15872 C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\mouhid.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:18 15872 C:\Windows\Temp\SPI2138.tmp\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\mouhid.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:18 15872 C:\Windows\Temp\SPIF7C1.tmp\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\mouhid.sys (Microsoft Corporation)

[1] 2007-12-05 21:18:26 15872 C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\mouhid.sys (Microsoft Corporation)

[1] 2007-12-05 21:25:36 15872 C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\mouhid.sys (Microsoft Corporation)

[1] 2001-08-17 14:48:00 12160 C:\i386\mouhid.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\msisadrv.sys

[1] 2006-11-02 04:49:20 13928 C:\Windows\System32\drivers\msisadrv.sys ()

[1] 2006-11-02 04:49:20 13928 C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\msisadrv.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:16 16440 C:\Windows\Temp\SPI2138.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\msisadrv.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:16 16440 C:\Windows\Temp\SPIF7C1.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\msisadrv.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\msiscsi.sys

[1] 2006-11-02 04:51:12 168552 C:\Windows\System32\drivers\msiscsi.sys ()

[1] 2006-11-02 04:51:12 168552 C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_ea5644c7\msiscsi.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:36 181304 C:\Windows\Temp\SPI2138.tmp\x86_iscsi.inf_31bf3856ad364e35_6.0.6001.18000_none_3cc3c5b3f3a6b22e\msiscsi.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:36 181304 C:\Windows\Temp\SPIF7C1.tmp\x86_iscsi.inf_31bf3856ad364e35_6.0.6001.18000_none_3cc3c5b3f3a6b22e\msiscsi.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\mssmbios.sys

[1] 2006-11-02 04:49:54 28776 C:\Windows\System32\drivers\mssmbios.sys ()

[1] 2006-11-02 04:49:54 28776 C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\mssmbios.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:50 31288 C:\Windows\Temp\SPI2138.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\mssmbios.sys (Microsoft Corporation)

[1] 2008-01-19 00:41:50 31288 C:\Windows\Temp\SPIF7C1.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\mssmbios.sys (Microsoft Corporation)

[1] 2004-08-03 23:07:48 15488 C:\i386\mssmbios.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\ohci1394.sys

[1] 2006-11-02 03:55:16 62080 C:\Windows\System32\drivers\ohci1394.sys ()

[1] 2006-11-02 03:55:16 62080 C:\Windows\System32\DriverStore\FileRepository\1394.inf_1c635995\ohci1394.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:34 61952 C:\Windows\Temp\SPI2138.tmp\x86_1394.inf_31bf3856ad364e35_6.0.6001.18000_none_fb2f569f05e7f212\ohci1394.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:34 61952 C:\Windows\Temp\SPIF7C1.tmp\x86_1394.inf_31bf3856ad364e35_6.0.6001.18000_none_fb2f569f05e7f212\ohci1394.sys (Microsoft Corporation)

[1] 2004-08-03 23:10:10 61056 C:\i386\ohci1394.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\parport.sys

[1] 2006-11-02 03:51:30 79360 C:\Windows\System32\drivers\parport.sys ()

[1] 2006-11-02 03:51:30 79360 C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\parport.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:34 79360 C:\Windows\Temp\SPI2138.tmp\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\parport.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:34 79360 C:\Windows\Temp\SPIF7C1.tmp\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\parport.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 80128 C:\i386\parport.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\parvdm.sys

[1] 2006-11-02 03:51:23 8704 C:\Windows\System32\drivers\parvdm.sys ()

[1] 2006-11-02 03:51:23 8704 C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\parvdm.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:30 8704 C:\Windows\Temp\SPI2138.tmp\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\parvdm.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:30 8704 C:\Windows\Temp\SPIF7C1.tmp\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\parvdm.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 6784 C:\i386\parvdm.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\pci.sys

[1] 2006-11-02 04:50:57 140392 C:\Windows\System32\drivers\pci.sys ()

[1] 2006-11-02 04:50:57 140392 C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\pci.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:22 151096 C:\Windows\Temp\SPI2138.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\pci.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:22 151096 C:\Windows\Temp\SPIF7C1.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\pci.sys (Microsoft Corporation)

[1] 2004-08-03 23:07:48 68224 C:\i386\pci.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\pciide.sys

[1] 2006-11-02 04:49:20 13416 C:\Windows\System32\drivers\pciide.sys ()

[2] 2006-11-02 04:49:30 17512 C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)

[1] 2006-11-02 04:49:20 13416 C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\pciide.sys (Microsoft Corporation)

[2] 2006-11-02 04:49:30 17512 C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\viaide.sys (VIA Technologies, Inc.)

[1] 2008-01-19 00:41:14 16440 C:\Windows\Temp\SPI2138.tmp\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\pciide.sys (Microsoft Corporation)

[2] 2008-01-19 00:41:26 20024 C:\Windows\Temp\SPI2138.tmp\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\viaide.sys (VIA Technologies, Inc.)

[1] 2008-01-19 00:41:14 16440 C:\Windows\Temp\SPIF7C1.tmp\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\pciide.sys (Microsoft Corporation)

[2] 2008-01-19 00:41:26 20024 C:\Windows\Temp\SPIF7C1.tmp\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\viaide.sys (VIA Technologies, Inc.)

[1] 2001-08-17 13:51:52 3328 C:\i386\pciide.sys (Microsoft Corporation)

[2] 2004-08-03 22:59:44 5376 C:\i386\viaide.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\pciidex.sys

[1] 2006-11-02 04:50:18 42600 C:\Windows\System32\drivers\pciidex.sys ()

[1] 2006-11-02 04:50:18 42600 C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\pciidex.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:12 45112 C:\Windows\Temp\SPI2138.tmp\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\pciidex.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:12 45112 C:\Windows\Temp\SPIF7C1.tmp\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\pciidex.sys (Microsoft Corporation)

[1] 2004-08-03 22:59:42 25088 C:\i386\pciidex.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\pcmcia.sys

[1] 2006-11-02 04:51:12 167528 C:\Windows\System32\drivers\pcmcia.sys ()

[1] 2006-11-02 04:51:12 167528 C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_1259a379\pcmcia.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:36 179256 C:\Windows\Temp\SPI2138.tmp\x86_pcmcia.inf_31bf3856ad364e35_6.0.6001.18000_none_85cbd1df9b464e00\pcmcia.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:36 179256 C:\Windows\Temp\SPIF7C1.tmp\x86_pcmcia.inf_31bf3856ad364e35_6.0.6001.18000_none_85cbd1df9b464e00\pcmcia.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 119936 C:\i386\pcmcia.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\portcls.sys

[1] 2006-11-02 03:55:04 167424 C:\Windows\System32\drivers\portcls.sys ()

[1] 2006-11-02 03:55:04 167424 C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_1493ef6e\portcls.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:20 167936 C:\Windows\Temp\SPI2138.tmp\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\portcls.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:20 167936 C:\Windows\Temp\SPIF7C1.tmp\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\portcls.sys (Microsoft Corporation)

[1] 2004-03-16 11:58:20 136960 C:\i386\portcls.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\rdpdr.sys

[1] 2006-11-02 04:03:00 242688 C:\Windows\System32\drivers\rdpdr.sys ()

[1] 2006-11-02 04:03:00 242688 C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\rdpdr.sys (Microsoft Corporation)

[1] 2008-01-18 23:02:30 248832 C:\Windows\Temp\SPI2138.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\rdpdr.sys (Microsoft Corporation)

[1] 2008-01-18 23:02:30 248832 C:\Windows\Temp\SPIF7C1.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\rdpdr.sys (Microsoft Corporation)

[1] 2004-08-03 23:01:16 196864 C:\i386\rdpdr.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\serenum.sys

[1] 2006-11-02 03:51:25 17920 C:\Windows\System32\drivers\serenum.sys ()

[1] 2006-11-02 03:51:25 17920 C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\serenum.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:30 17920 C:\Windows\Temp\SPI2138.tmp\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serenum.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:30 17920 C:\Windows\Temp\SPIF7C1.tmp\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serenum.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 15488 C:\i386\serenum.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\serial.sys

[1] 2006-11-02 03:51:30 83456 C:\Windows\System32\drivers\serial.sys ()

[1] 2006-11-02 03:51:30 83456 C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_9d4661e2\serial.sys (Microsoft Corporation)

[1] 2006-11-02 03:51:30 83456 C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\serial.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:36 83456 C:\Windows\Temp\SPI2138.tmp\x86_hiddigi.inf_31bf3856ad364e35_6.0.6001.18000_none_955c449145dbf667\serial.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:36 83456 C:\Windows\Temp\SPI2138.tmp\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serial.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:36 83456 C:\Windows\Temp\SPIF7C1.tmp\x86_hiddigi.inf_31bf3856ad364e35_6.0.6001.18000_none_955c449145dbf667\serial.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:36 83456 C:\Windows\Temp\SPIF7C1.tmp\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serial.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 64896 C:\i386\serial.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\sermouse.sys

[1] 2006-11-02 03:51:11 19968 C:\Windows\System32\drivers\sermouse.sys ()

[1] 2006-11-02 03:51:11 19968 C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\sermouse.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:18 19968 C:\Windows\Temp\SPI2138.tmp\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\sermouse.sys (Microsoft Corporation)

[1] 2008-01-18 22:49:18 19968 C:\Windows\Temp\SPIF7C1.tmp\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\sermouse.sys (Microsoft Corporation)

[1] 2007-12-05 21:18:26 19968 C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\sermouse.sys (Microsoft Corporation)

[1] 2007-12-05 21:25:37 19968 C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\sermouse.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\termdd.sys

[1] 2006-11-02 04:50:28 50792 C:\Windows\System32\drivers\termdd.sys ()

[1] 2006-11-02 04:50:28 50792 C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\termdd.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:20 54328 C:\Windows\Temp\SPI2138.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\termdd.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:20 54328 C:\Windows\Temp\SPIF7C1.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\termdd.sys (Microsoft Corporation)

[1] 2004-08-04 01:01:08 40840 C:\i386\termdd.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\umbus.sys

[1] 2006-11-02 03:55:24 34816 C:\Windows\System32\drivers\umbus.sys ()

[1] 2006-11-02 03:55:24 34816 C:\Windows\System32\DriverStore\FileRepository\umbus.inf_6d285360\umbus.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:42 34816 C:\Windows\Temp\SPI2138.tmp\x86_umbus.inf_31bf3856ad364e35_6.0.6001.18000_none_0bdbc8d7c49fa65d\umbus.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:42 34816 C:\Windows\Temp\SPIF7C1.tmp\x86_umbus.inf_31bf3856ad364e35_6.0.6001.18000_none_0bdbc8d7c49fa65d\umbus.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\UMDF\WpdFs.dll

[1] 2006-11-02 04:46:14 219648 C:\Windows\System32\drivers\UMDF\WpdFs.dll ()

[1] 2006-11-02 04:46:14 219648 C:\Windows\System32\DriverStore\FileRepository\wpdfs.inf_96a77ef0\WpdFs.dll (Microsoft Corporation)

[1] 2008-01-19 00:37:10 220160 C:\Windows\Temp\SPI2138.tmp\x86_wpdfs.inf_31bf3856ad364e35_6.0.6001.18000_none_25ecd581d29bc201\wpdfs.dll (Microsoft Corporation)

[1] 2008-01-19 00:37:10 220160 C:\Windows\Temp\SPIF7C1.tmp\x86_wpdfs.inf_31bf3856ad364e35_6.0.6001.18000_none_25ecd581d29bc201\wpdfs.dll (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\usbccgp.sys

[1] 2006-11-02 03:55:11 73216 C:\Windows\System32\drivers\usbccgp.sys ()

[1] 2006-11-02 03:55:11 73216 C:\Windows\System32\DriverStore\FileRepository\usb.inf_c89fac9c\usbccgp.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:30 73216 C:\Windows\Temp\SPI2138.tmp\x86_usb.inf_31bf3856ad364e35_6.0.6001.18000_none_caf866f60e72536f\usbccgp.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:30 73216 C:\Windows\Temp\SPIF7C1.tmp\x86_usb.inf_31bf3856ad364e35_6.0.6001.18000_none_caf866f60e72536f\usbccgp.sys (Microsoft Corporation)

[1] 2004-08-04 00:08:48 31616 C:\i386\usbccgp.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\usbd.sys

[1] 2006-11-02 03:55:00 5888 C:\Windows\System32\drivers\usbd.sys ()

[1] 2006-11-02 03:55:00 5888 C:\Windows\System32\DriverStore\FileRepository\usbport.inf_4d107f9d\usbd.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:18 5888 C:\Windows\Temp\SPI2138.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\usbd.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:18 5888 C:\Windows\Temp\SPIF7C1.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\usbd.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 4736 C:\i386\usbd.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\usbehci.sys

[1] 2006-11-02 03:55:04 38400 C:\Windows\System32\drivers\usbehci.sys ()

[1] 2006-11-02 03:55:04 38400 C:\Windows\System32\DriverStore\FileRepository\usbport.inf_4d107f9d\usbehci.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:22 39424 C:\Windows\Temp\SPI2138.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\usbehci.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:22 39424 C:\Windows\Temp\SPIF7C1.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\usbehci.sys (Microsoft Corporation)

[1] 2005-10-25 18:39:41 27264 C:\i386\usbehci.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\usbhub.sys

[1] 2006-11-02 03:55:21 191488 C:\Windows\System32\drivers\usbhub.sys ()

[1] 2006-11-02 03:55:21 191488 C:\Windows\System32\DriverStore\FileRepository\usb.inf_c89fac9c\usbhub.sys (Microsoft Corporation)

[1] 2006-11-02 03:55:21 191488 C:\Windows\System32\DriverStore\FileRepository\usbport.inf_4d107f9d\usbhub.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:44 194560 C:\Windows\Temp\SPI2138.tmp\x86_usb.inf_31bf3856ad364e35_6.0.6001.18000_none_caf866f60e72536f\usbhub.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:44 194560 C:\Windows\Temp\SPI2138.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\usbhub.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:44 194560 C:\Windows\Temp\SPIF7C1.tmp\x86_usb.inf_31bf3856ad364e35_6.0.6001.18000_none_caf866f60e72536f\usbhub.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:44 194560 C:\Windows\Temp\SPIF7C1.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\usbhub.sys (Microsoft Corporation)

[1] 2004-08-03 23:08:44 57600 C:\i386\usbhub.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\usbport.sys

[1] 2006-11-02 03:55:11 223744 C:\Windows\System32\drivers\usbport.sys ()

[1] 2006-11-02 03:55:11 223744 C:\Windows\System32\DriverStore\FileRepository\usbport.inf_4d107f9d\usbport.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:26 226304 C:\Windows\Temp\SPI2138.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\usbport.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:26 226304 C:\Windows\Temp\SPIF7C1.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\usbport.sys (Microsoft Corporation)

[1] 2005-10-25 18:39:41 143104 C:\i386\usbport.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\USBSTOR.SYS

[1] 2006-11-02 03:55:05 54784 C:\Windows\System32\drivers\USBSTOR.SYS ()

[1] 2006-11-02 03:55:05 54784 C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS (Microsoft Corporation)

[1] 2008-01-18 22:53:24 55296 C:\Windows\Temp\SPI2138.tmp\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\usbstor.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:24 55296 C:\Windows\Temp\SPIF7C1.tmp\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\usbstor.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\usbuhci.sys

[1] 2006-11-02 03:55:05 22528 C:\Windows\System32\drivers\usbuhci.sys ()

[1] 2006-11-02 03:55:05 22528 C:\Windows\System32\DriverStore\FileRepository\usbport.inf_4d107f9d\usbuhci.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:22 23552 C:\Windows\Temp\SPI2138.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\usbuhci.sys (Microsoft Corporation)

[1] 2008-01-18 22:53:22 23552 C:\Windows\Temp\SPIF7C1.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\usbuhci.sys (Microsoft Corporation)

[1] 2004-08-03 23:08:38 20480 C:\i386\usbuhci.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\vgapnp.sys

[1] 2006-11-02 03:53:56 26112 C:\Windows\System32\drivers\vgapnp.sys ()

[1] 2006-11-02 03:53:56 26112 C:\Windows\System32\DriverStore\FileRepository\display.inf_30c9fefa\vgapnp.sys (Microsoft Corporation)

[1] 2008-01-18 22:52:08 26112 C:\Windows\Temp\SPI2138.tmp\x86_display.inf_31bf3856ad364e35_6.0.6001.18000_none_80554009ce4ef485\vgapnp.sys (Microsoft Corporation)

[1] 2008-01-18 22:52:08 26112 C:\Windows\Temp\SPIF7C1.tmp\x86_display.inf_31bf3856ad364e35_6.0.6001.18000_none_80554009ce4ef485\vgapnp.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\volmgr.sys

[1] 2006-11-02 04:50:24 50280 C:\Windows\System32\drivers\volmgr.sys ()

[1] 2006-11-02 04:50:24 50280 C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\volmgr.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:20 52792 C:\Windows\Temp\SPI2138.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\volmgr.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:20 52792 C:\Windows\Temp\SPIF7C1.tmp\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\volmgr.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\volsnap.sys

[1] 2006-11-02 04:51:18 208488 C:\Windows\System32\drivers\volsnap.sys ()

[1] 2006-11-02 04:51:18 208488 C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:50 227896 C:\Windows\Temp\SPI2138.tmp\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys (Microsoft Corporation)

[1] 2008-01-19 00:42:50 227896 C:\Windows\Temp\SPIF7C1.tmp\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys (Microsoft Corporation)

[1] 2004-08-04 05:00:00 52352 C:\i386\volsnap.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\drivers\wmiacpi.sys

[1] 2006-11-02 03:35:03 11264 C:\Windows\System32\drivers\wmiacpi.sys ()

[1] 2006-11-02 03:35:03 11264 C:\Windows\System32\DriverStore\FileRepository\acpi.inf_97916753\wmiacpi.sys (Microsoft Corporation)

[1] 2008-01-18 22:32:48 11264 C:\Windows\Temp\SPI2138.tmp\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\wmiacpi.sys (Microsoft Corporation)

[1] 2008-01-18 22:32:48 11264 C:\Windows\Temp\SPIF7C1.tmp\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\wmiacpi.sys (Microsoft Corporation)

[1] 2004-08-03 23:07:42 8832 C:\i386\wmiacpi.sys (Microsoft Corporation)



Cannot access: C:\Windows\System32\hal.dll

[1] 2006-11-02 04:51:12 160872 C:\Windows\System32\hal.dll ()

[1] 2005-06-22 19:05:52 134272 C:\i386\HAL.DLL (Microsoft Corporation)



Cannot access: C:\Windows\System32\halacpi.dll

[1] 2006-11-02 04:50:56 134760 C:\Windows\System32\DriverStore\FileRepository\hal.inf_59c500ab\halacpi.dll (Microsoft Corporation)

[1] 2006-11-02 04:50:56 134760 C:\Windows\System32\halacpi.dll ()

[1] 2008-01-19 00:42:14 141880 C:\Windows\Temp\SPI2138.tmp\x86_hal.inf_31bf3856ad364e35_6.0.6001.18000_none_031c102b07ef6390\halacpi.dll (Microsoft Corporation)

[1] 2008-01-19 00:42:14 141880 C:\Windows\Temp\SPIF7C1.tmp\x86_hal.inf_31bf3856ad364e35_6.0.6001.18000_none_031c102b07ef6390\halacpi.dll (Microsoft Corporation)

[1] 2004-08-03 20:59:08 81280 C:\i386\HALACPI.DLL (Microsoft Corporation)



Cannot access: C:\Windows\System32\halmacpi.dll

[1] 2006-11-02 04:51:12 160872 C:\Windows\System32\DriverStore\FileRepository\hal.inf_59c500ab\halmacpi.dll (Microsoft Corporation)

[1] 2006-11-02 04:51:12 160872 C:\Windows\System32\halmacpi.dll ()

[1] 2008-01-19 00:42:36 177208 C:\Windows\Temp\SPI2138.tmp\x86_hal.inf_31bf3856ad364e35_6.0.6001.18000_none_031c102b07ef6390\halmacpi.dll (Microsoft Corporation)

[1] 2008-01-19 00:42:36 177208 C:\Windows\Temp\SPIF7C1.tmp\x86_hal.inf_31bf3856ad364e35_6.0.6001.18000_none_031c102b07ef6390\halmacpi.dll (Microsoft Corporation)

[2] 2005-06-22 19:05:52 134272 C:\i386\HAL.DLL (Microsoft Corporation)



Cannot access: C:\Windows\System32\hccoin.dll

[1] 2006-11-02 04:46:05 8704 C:\Windows\System32\DriverStore\FileRepository\usbport.inf_4d107f9d\hccoin.dll (Microsoft Corporation)

[1] 2006-11-02 04:46:05 8704 C:\Windows\System32\hccoin.dll ()

[1] 2006-11-02 02:46:06 8704 C:\Windows\Temp\SPI2138.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\hccoin.dll (Microsoft Corporation)

[1] 2006-11-02 02:46:06 8704 C:\Windows\Temp\SPIF7C1.tmp\x86_usbport.inf_31bf3856ad364e35_6.0.6001.18000_none_bdc25f73038da156\hccoin.dll (Microsoft Corporation)

[1] 2004-08-04 05:00:00 7168 C:\i386\hccoin.dll (Microsoft Corporation)



Cannot access: C:\Windows\System32\iscsilog.dll



Finished!

Edited by Orange Blossom, 23 September 2009 - 10:42 PM.
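The Win32kDiag log in the post above repeats four line types: "Found mount point", "Mount point destination", "Cannot access:" and "[1] date time size path (name)" entries. As an added example (not part of the thread and not the tool's own code), this Python script parses that layout, counts mount points per destination, and lists inaccessible files whose own entry has an empty parenthesised field next to same-size copies that have one. The sample log is constructed; treating `\??\` as the prefix of an ordinary junction target and the parenthesised field as the file's company name are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the Win32kDiag.txt layout (paths are illustrative).
SAMPLE_LOG = r"""
Running from: C:\Users\example\Desktop\Win32kDiag.exe

Found mount point : C:\Windows\Temp\example1.tmp\example1.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\example2.tmp\example2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Data\Linked

Mount point destination : \??\D:\Storage

Cannot access: C:\Windows\System32\example.dll

[1] 2006-11-02 02:31:53 14848 C:\Windows\System32\DriverStore\FileRepository\example.inf_00000000\example.dll (Microsoft Corporation)

[1] 2006-11-02 02:31:53 14848 C:\Windows\System32\example.dll ()

Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
DENIED_RE = re.compile(r"^Cannot access:\s*(.+)$")
# [n] <date> <time> <size> <path> (<company, possibly empty>)
COPY_RE = re.compile(r"^\[\d+\]\s+(\S+ \S+)\s+(\d+)\s+(.+)\s+\(([^()]*)\)$")


def parse_win32kdiag(text):
    """Return (mounts, denied): mounts is a list of (path, destination);
    denied maps each 'Cannot access' path to the file entries listed under it."""
    mounts, denied = [], {}
    pending_mount = None   # mount point still waiting for its destination line
    current = None         # entry list of the most recent 'Cannot access' block
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending_mount, current = m.group(1), None
        elif (m := DEST_RE.match(line)) and pending_mount:
            mounts.append((pending_mount, m.group(1)))
            pending_mount = None
        elif m := DENIED_RE.match(line):
            current = denied.setdefault(m.group(1), [])
        elif (m := COPY_RE.match(line)) and current is not None:
            current.append({"when": m.group(1), "size": int(m.group(2)),
                            "path": m.group(3), "company": m.group(4).strip()})
    return mounts, denied


def triage(text):
    """Summarise a log: destinations by count, mount points whose destination
    is not a \\??\\ path, and inaccessible files with an empty company field
    together with same-size copies that do carry one."""
    mounts, denied = parse_win32kdiag(text)
    by_dest = Counter(dest for _, dest in mounts)
    # Assumption: an ordinary junction target is an NT path starting with \??\
    odd = [(path, dest) for path, dest in mounts if not dest.startswith("\\??\\")]
    no_company = []
    for target, copies in denied.items():
        for entry in copies:
            if entry["path"].lower() == target.lower() and not entry["company"]:
                refs = [c["path"] for c in copies
                        if c["company"] and c["size"] == entry["size"]]
                no_company.append((target, refs))
    return by_dest, odd, no_company


if __name__ == "__main__":
    by_dest, odd, no_company = triage(SAMPLE_LOG)
    for dest, count in by_dest.most_common():
        print(f"{count:5d} mount point(s) -> {dest}")
    print(f"{len(odd)} mount point(s) with a destination outside \\??\\")
    for target, refs in no_company:
        print(f"no company field: {target}")
        for ref in refs:
            print(f"    same-size copy: {ref}")
```

Run against a real Win32kDiag.txt by passing the file's contents to `triage()`; the reference copies it lists are candidates for comparison only, not a verdict on the file.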




#2 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 01 October 2009 - 04:29 PM

Hi tigergrrl,




Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, I will be helping you to deal with your Malware problems today.
Please go into safe mode with networking if you can't run any program in normal mode.

Step1

1. Download The Avenger by Swandog and save it to your Desktop.

2. Close all open programs (including IE) and unzip the downloaded avenger.zip file. Then in the new avenger folder created locate and click on avenger.exe to run the tool.

3. Okay the warning. When the Avenger display opens, copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.

Files to move:
C:\Windows\System32\logevent.dll | C:\WINDOWS\system32\cngaudit.dll

4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply. Now, Reboot your pc. You should boot into the Normal Mode and please do the following:



Step2

Please go to SysProt Antirootkit homepage from Here , scroll down to the bottom of the page and download the attachments.
  • Unzip it to your desktop.
  • Double click Sysprot.exe to run the program.
  • Click on the Log tab.
  • In the Write to log box select all boxes.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same Sysprot folder. Copy/paste the log in your next reply.
Step3

1. Please download the latest version of Icesword from Here .
2. Right click on IceSword122en.zip and select Extract All....
3. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
4. Click on the Browse button. Click on Desktop. Then click OK.
5. Once done, check the Show extracted files box and click Finish. Double click on Icesword.exe to run it.
6. Please click Kernel Module in the left pane, click Log (blue color) in the upper column, right under the Plugin menu and save/paste the log in your next reply.


Step4

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    atapi.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


After that, please go to Jotti's Scan or Virus Total for scanning one suspicious file.
Copy/paste the below file path into the text box next to the Browse button at the top of the page

C:\Windows\System32\drivers\atapi.sys

Click the Submit or Send File button and copy "Scanner results", and paste the contents into your next reply.



In your next reply, please post back:

1. Sysprot log
2. IceSword log
3. SystemLook.txt
4. Avenger.txt
5. Virus Total scan result

Thanks.

Edited by sundavis, 01 October 2009 - 05:06 PM.


#3 tigergrrl

  • Topic Starter
  • Members
  • 8 posts

Posted 06 October 2009 - 12:46 AM

Hi Sundavis,

Thanks so much for your help! Sorry for my delay in responding -- I was out of town and have now been having problems with my computer crashing anytime I am not in safe mode... I will keep trying and will post what I can within the next 24 hours.

thanks,

tigergrrl

Edited by tigergrrl, 06 October 2009 - 12:46 AM.


#4 tigergrrl

  • Topic Starter
  • Members
  • 8 posts

Posted 07 October 2009 - 03:05 PM

Hi Sundavis,

I have still been having trouble. I ran the Avenger, and when I was rebooted, the log file opened but then my computer crashed with the blue screen coming up.

I re-ran the Avenger, and the same thing happened. I did find the file, however, and here it is:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\System32\logevent.dll" not found!
File move operation "C:\Windows\System32\logevent.dll|C:\WINDOWS\system32\cngaudit.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


I have not been able to get my laptop to work (not crash) except when I am in safe mode. I did try to run the other programs in safe mode, and some of them worked and gave me log files. Should I post those here?

#5 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 07 October 2009 - 06:10 PM

Hi tigergrr,




Should I post those here?

I can't see any reason preventing you from posting here. Please attach those old logs in your next reply. Go to Here if you don't know how.

Then post the following logs directly into this thread. Delete the old Win32KDiag.exe and txt file from your desktop and download it again from Here .


Step1

We will run win32kdiag once again. Click on Start>Run, and copy/paste the following bold command into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r


Step2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

If you have a problem running ComboFix, please delete that copy and redownload it. Rename the ComboFix.exe to tigergrr.exe before saving it to your desktop.

After running CF successfully, you should be able to boot into normal mode and run OTL as well.


Step3

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in your next reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please post back:


1. Win32kDiag.txt log
2. ComboFix log
3. OTListIt.txt and Extra.txt

If you can't fit those logs into one thread, you can use multiple posts. Thanks

#6 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 13 October 2009 - 01:54 AM

Due to Lack of feedback, this topic is now Closed.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.