Hijackthis log


  • This topic is locked
50 replies to this topic

#1 Kevm36

Kevm36

  • Members
  • 65 posts
  • OFFLINE
  • Local time:05:05 PM

Posted 30 September 2011 - 08:11 PM

Scan saved at 9:08:26 PM, on 9/30/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: PurgPro XP Service (PurgProService) - Assistance & Resources for Computing, Inc. - C:\PurgeIE\PurgPro_Service.exe
O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 4636 bytes



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:05 PM

Posted 05 October 2011 - 08:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421330 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Kevm36

Kevm36
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Local time:05:05 PM

Posted 06 October 2011 - 10:27 PM

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Kev at 23:23:14 on 2011-10-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2158 [GMT -4:00]
.
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PurgeIE\PurgPro_Service.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6} : DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kev\appdata\roaming\mozilla\firefox\profiles\8v9q3cnb.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.60818.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-9-12 221784]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-9-12 78936]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 PurgProService;PurgPro XP Service;c:\purgeie\PurgPro_Service.exe [2011-9-22 349488]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-8-29 74456]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-9-6 181584]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2011-9-26 618896]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-28 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-28 247296]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-6-6 81936]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2011-9-22 38608]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2011-9-12 69208]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-29 101720]
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-9-6 2804280]
S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-3-16 30752]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2011-9-12 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-9-12 94040]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 wrssweep;Webroots Volume Access Driver;c:\program files\webroot\washer\wrSSweep.sys [2011-9-26 21904]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-28 176128]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-10-07 02:42:34 -------- d-----w- c:\users\kev\appdata\local\{4DA5FE26-4DAF-4CD7-B075-A9F36ED73C71}
2011-10-07 02:42:12 -------- d-----w- c:\users\kev\appdata\local\{7FBD9448-A117-40AA-BEE9-E7E94E731298}
2011-10-05 22:51:38 -------- d-----w- c:\users\kev\appdata\local\{6A1BD35C-F42A-43EA-A9F8-0A7CA9D48991}
2011-10-05 22:51:20 -------- d-----w- c:\users\kev\appdata\local\{A971E401-0B50-47C8-AB33-61A354BC046A}
2011-10-04 22:09:58 -------- d-----w- c:\users\kev\appdata\local\{FF910ACE-AEE3-4345-AD53-73099F00B4FC}
2011-10-04 22:09:51 -------- d-----w- c:\users\kev\appdata\local\{9DB1E536-30CB-4F0B-8F9E-BEBB6FD6C27D}
2011-10-03 22:06:23 -------- d-----w- c:\users\kev\appdata\local\{D5D734BB-75FD-4279-AEBB-BDAA41ACC6CB}
2011-10-03 22:06:12 -------- d-----w- c:\users\kev\appdata\local\{D9AE3E51-1E83-44F1-B975-E368C1D7CF88}
2011-10-02 17:26:31 -------- d-----w- c:\users\kev\appdata\local\{F40C0156-4DCF-48CD-B786-46EB75186994}
2011-10-02 17:26:09 -------- d-----w- c:\users\kev\appdata\local\{66D7171E-7DC1-4957-830E-B99487B56CFF}
2011-10-02 02:11:01 -------- d-----w- c:\users\kev\appdata\local\{F12CE16B-17EE-47AA-966A-A6E030FEF91D}
2011-10-02 02:10:49 -------- d-----w- c:\users\kev\appdata\local\{E0F10893-4856-405D-A815-2DB6BC4F1801}
2011-10-01 05:56:10 -------- d-----w- c:\users\kev\appdata\local\{1FE7518F-A3FC-476F-9614-C4371038DA8B}
2011-10-01 05:55:58 -------- d-----w- c:\users\kev\appdata\local\{8A9A7773-12D3-4445-AD38-7A8ADD0E7ABB}
2011-09-29 01:36:14 87 ----a-w- c:\users\kev\appdata\roaming\netstat.bat
2011-09-29 00:59:58 -------- d-----w- c:\program files\FileHippo.com
2011-09-29 00:30:09 -------- d-----w- c:\program files\MSECache
2011-09-28 01:02:32 -------- d-----w- c:\users\kev\appdata\roaming\GlarySoft
2011-09-28 01:02:32 -------- d-----w- c:\program files\Quick Startup
2011-09-27 22:30:22 -------- d-----w- c:\users\kev\appdata\local\{0AB6F89D-5AE0-4C71-9E9A-5876251E5C11}
2011-09-27 22:30:14 -------- d-----w- c:\users\kev\appdata\local\{860F4165-9DFF-434A-8CEA-D725C9A62244}
2011-09-26 22:04:36 -------- d-----w- c:\users\kev\appdata\local\{BCE49184-1734-41E5-BAA9-D257D8C75462}
2011-09-26 22:04:36 -------- d-----w- c:\users\kev\appdata\local\{5BD758C8-D916-4CD8-9E1B-37F9AEBCD055}
2011-09-26 04:04:23 -------- d-----w- c:\program files\Webroot
2011-09-26 04:04:23 -------- d-----w- c:\program files\common files\Webroot Shared
2011-09-26 04:00:08 -------- d-----w- c:\users\kev\appdata\roaming\Webroot
2011-09-26 04:00:08 -------- d-----w- c:\programdata\Webroot
2011-09-26 04:00:03 365456 ----a-w- c:\windows\Unwash6.exe
2011-09-25 03:43:40 -------- d-----w- c:\users\kev\appdata\local\{CC0EAC50-C56A-4C11-AD33-4307810DDE2B}
2011-09-25 03:43:28 -------- d-----w- c:\users\kev\appdata\local\{375BC143-629F-407D-BC56-509D22F3215E}
2011-09-25 00:52:50 -------- d-----w- c:\programdata\PCPitstop
2011-09-25 00:42:29 -------- d-----w- c:\programdata\iolo
2011-09-24 23:58:03 -------- d-----w- c:\program files\Security Task Manager
2011-09-24 21:43:14 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-24 21:42:45 -------- d-----w- c:\programdata\Hitman Pro
2011-09-24 20:52:14 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-24 19:06:10 -------- d-----w- c:\programdata\Uniblue
2011-09-24 19:04:02 -------- d-----w- c:\users\kev\appdata\local\PackageAware
2011-09-24 15:43:01 -------- d-----w- c:\users\kev\appdata\local\{19DE3B95-697F-4866-A63D-353F394B8A6E}
2011-09-24 15:42:52 -------- d-----w- c:\users\kev\appdata\local\{EF8E0DFD-3B75-499E-93C9-14F006431A2E}
2011-09-23 22:11:46 -------- d-----w- c:\users\kev\appdata\local\{794A0C0F-A1C0-4A55-8AF5-4BB27C4B7D03}
2011-09-23 22:11:37 -------- d-----w- c:\users\kev\appdata\local\{2868B9BF-0250-4AAD-8D68-556D9CABD832}
2011-09-22 23:52:52 38608 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2011-09-22 23:52:45 -------- d-----w- c:\program files\common files\Diskeeper Corporation
2011-09-22 23:52:44 -------- d-----w- c:\programdata\Diskeeper Corporation
2011-09-22 23:52:36 -------- d-----w- c:\program files\Windows Home Server
2011-09-22 23:52:36 -------- d-----w- c:\program files\Diskeeper Corporation
2011-09-22 23:49:31 20942704 ----a-w- c:\program files\mozilla firefox\x86\setup.exe
2011-09-22 23:49:30 599376 ----a-w- c:\program files\mozilla firefox\Autorun.exe
2011-09-22 23:49:30 22087976 ----a-w- c:\program files\mozilla firefox\x64\setup.exe
2011-09-22 22:41:32 -------- d-----w- c:\programdata\PurgeIE
2011-09-22 22:41:27 -------- d-----w- c:\users\kev\appdata\roaming\PurgeIE
2011-09-22 22:41:26 -------- d-----w- C:\PurgeIE
2011-09-22 22:23:11 -------- d-----w- c:\users\kev\appdata\local\{066824C9-2DA1-43A2-A577-0496740A9886}
2011-09-22 22:22:59 -------- d-----w- c:\users\kev\appdata\local\{638AA788-0E8E-4EC2-A065-D778F85FDEE4}
2011-09-22 22:02:31 -------- d-----w- c:\users\kev\appdata\local\{E6851BEC-A3FB-4CB3-A476-53E10E4B55C9}
2011-09-21 23:04:18 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-21 21:54:35 -------- d-----w- c:\users\kev\appdata\local\{97B8AACC-6438-4C0B-9FEB-B249BFCB0A63}
2011-09-21 21:54:26 -------- d-----w- c:\users\kev\appdata\local\{44F255BE-111E-4816-82CC-B77E1186AEAD}
2011-09-21 02:00:57 -------- d-----w- c:\users\kev\appdata\local\{E0124FD4-2386-4B5E-89B9-DB356FEA1276}
2011-09-21 02:00:41 -------- d-----w- c:\users\kev\appdata\local\{0087B65F-3B34-4974-984B-292F4B1A7326}
2011-09-21 00:13:38 -------- d-----w- c:\users\kev\appdata\local\{BD88B4CD-A96C-44CE-A714-DFD5D9728A58}
2011-09-21 00:13:19 -------- d-----w- c:\users\kev\appdata\local\{BE7FA231-F4CB-43B6-9381-375338A37E8C}
2011-09-20 00:33:30 -------- d-----w- c:\users\kev\appdata\local\WinZip
2011-09-19 22:48:06 -------- d-----w- c:\users\kev\appdata\local\{ADFAAA9B-9929-4CC6-8CB1-B1A827CE9E76}
2011-09-19 22:48:01 -------- d-----w- c:\users\kev\appdata\local\{2C66CCBE-5928-4671-A260-A7002BE567A9}
2011-09-18 16:11:05 -------- d-----w- c:\users\kev\appdata\local\{C6FC5914-48EC-490B-A10C-CFEAD2C0587F}
2011-09-18 16:10:56 -------- d-----w- c:\users\kev\appdata\local\{1F1293F3-D330-45B0-BD11-DB6058D9A828}
2011-09-17 14:36:03 -------- d-----w- c:\users\kev\appdata\local\{1A83962D-E2C4-47C7-9D5B-F78E14692700}
2011-09-17 14:35:53 -------- d-----w- c:\users\kev\appdata\local\{3BF1D174-0215-4EF0-B9E5-1B795BCD7B85}
2011-09-17 14:35:52 -------- d-----w- c:\users\kev\appdata\local\{A65E8BA0-D63D-4D95-B6A2-BB3D302975FF}
2011-09-16 22:45:04 -------- d-----w- c:\users\kev\appdata\local\{4F090CC2-5BCD-40E1-8DDD-A296C2BF4F03}
2011-09-16 22:44:56 -------- d-----w- c:\users\kev\appdata\local\{AE1AC9F4-3998-45F4-B9F0-F7E5E70F8E1A}
2011-09-16 00:07:34 -------- d-----w- c:\users\kev\appdata\local\{11A4E0AF-C1F5-474D-B2D1-13B04ADA8450}
2011-09-16 00:07:11 -------- d-----w- c:\users\kev\appdata\local\{5A8A035C-C8CE-4793-AC8F-0CD041C7CBB0}
2011-09-15 00:29:43 -------- d-----w- c:\users\kev\Tracing
2011-09-14 23:11:55 -------- d-----w- c:\users\kev\appdata\local\{013AA335-C47A-499E-B784-547768313B35}
2011-09-14 23:11:54 -------- d-----w- c:\users\kev\appdata\local\{AD45FD33-9D97-47B1-9226-555DC0B45A11}
2011-09-14 23:11:41 -------- d-----w- c:\users\kev\appdata\roaming\Windows Live Writer
2011-09-14 23:11:38 -------- d-----w- c:\users\kev\appdata\local\Windows Live Writer
2011-09-14 23:06:10 7450888 ----a-w- c:\program files\common files\windows live\.cache\e364c4741cc733214\bingbarsetup.exe
2011-09-14 23:05:19 15712 ----a-w- c:\program files\common files\windows live\.cache\c5e3d1c41cc733205\MeshBetaRemover.exe
2011-09-14 23:03:39 -------- d-----w- c:\users\kev\appdata\local\{18264D61-9CBD-412F-9576-13AF635B5CBA}
2011-09-14 23:03:38 -------- d-----w- c:\users\kev\appdata\local\{C67ED038-4C38-4884-A629-F93DDBC9F2BB}
2011-09-14 03:02:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-09-14 02:50:50 -------- d-----w- c:\program files\SpywareBlaster
2011-09-14 02:26:27 -------- d-----w- c:\users\kev\appdata\local\Secunia PSI
2011-09-14 02:26:20 -------- d-----w- c:\program files\Secunia
2011-09-14 00:05:40 -------- d-----w- c:\program files\ESET
2011-09-13 22:43:21 -------- d-----w- c:\users\kev\appdata\roaming\Malwarebytes
2011-09-13 22:43:18 -------- d-----w- c:\programdata\Malwarebytes
2011-09-13 22:43:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 22:43:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-13 01:39:02 -------- d-----w- c:\users\kev\appdata\local\Apple Computer
2011-09-13 01:38:53 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-13 01:38:53 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-09-13 01:37:59 -------- d-----w- c:\program files\iPod
2011-09-13 01:37:57 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-09-13 01:37:57 -------- d-----w- c:\program files\iTunes
2011-09-13 01:34:04 -------- d-----w- c:\program files\Bonjour
2011-09-13 01:33:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-09-13 01:33:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-09-13 01:33:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-09-13 01:33:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-09-13 01:33:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-09-13 01:33:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-09-13 01:33:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-09-13 01:30:49 -------- d-----w- c:\users\kev\appdata\local\Apple
2011-09-13 01:30:08 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-09-13 01:24:24 -------- d-----w- c:\users\kev\appdata\roaming\Avanquest
2011-09-13 01:24:24 -------- d-----w- c:\programdata\Avanquest
2011-09-13 01:23:49 -------- d-----w- c:\program files\Avanquest
2011-09-13 01:08:54 -------- d-----w- c:\windows\en
2011-09-13 01:07:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-09-13 01:05:17 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-09-13 01:05:17 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-09-13 01:05:17 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-09-13 01:04:44 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-09-13 01:03:54 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-09-13 00:59:58 94040 ----a-w- c:\program files\common files\windows live\.cache\746c99401cc71b008\DSETUP.dll
2011-09-13 00:59:58 525656 ----a-w- c:\program files\common files\windows live\.cache\746c99401cc71b008\DXSETUP.exe
2011-09-13 00:59:58 1691480 ----a-w- c:\program files\common files\windows live\.cache\746c99401cc71b008\dsetup32.dll
2011-09-13 00:59:55 94040 ----a-w- c:\program files\common files\windows live\.cache\725503e01cc71b007\DSETUP.dll
2011-09-13 00:59:55 525656 ----a-w- c:\program files\common files\windows live\.cache\725503e01cc71b007\DXSETUP.exe
2011-09-13 00:59:55 1691480 ----a-w- c:\program files\common files\windows live\.cache\725503e01cc71b007\dsetup32.dll
2011-09-13 00:58:29 -------- d-----w- c:\users\kev\appdata\local\Windows Live
2011-09-13 00:52:17 -------- d-----w- c:\program files\Windows Portable Devices
2011-09-13 00:46:48 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-09-13 00:46:48 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-09-13 00:46:48 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-09-13 00:46:04 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-09-13 00:46:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-09-13 00:46:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-09-13 00:46:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-09-13 00:46:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-09-13 00:46:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-09-13 00:46:02 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-09-13 00:44:23 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-09-13 00:44:23 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 00:44:23 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 00:37:31 17920 ----a-w- c:\windows\system32\netevent.dll
2011-09-13 00:37:31 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-09-13 00:36:25 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-13 00:31:15 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-09-13 00:31:15 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-13 00:24:44 -------- d-----w- c:\users\kev\appdata\local\{71E21D1C-50D4-4C9E-94CF-1F642A6367C1}
2011-09-13 00:22:04 -------- d-----w- c:\users\kev\appdata\local\{9AFF0814-3CDA-4363-9E79-A1C1758E449D}
2011-09-13 00:14:20 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-09-13 00:14:19 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-09-13 00:12:12 -------- d-----w- c:\users\kev\appdata\local\{B959DA57-8055-4171-A37E-B4C5593D6443}
2011-09-13 00:01:42 -------- d-----w- c:\windows\system32\eu-ES
2011-09-13 00:01:42 -------- d-----w- c:\windows\system32\ca-ES
2011-09-13 00:01:40 -------- d-----w- c:\windows\system32\vi-VN
2011-09-12 23:46:22 -------- d-----w- c:\windows\system32\EventProviders
2011-09-12 23:46:20 -------- d-----w- c:\users\kev\appdata\local\{EBA7D128-21CB-445A-AE1D-B504AB49D514}
2011-09-12 23:12:02 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-09-12 22:56:31 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-09-12 22:55:20 355832 ----a-w- c:\program files\internet explorer\pdm.dll
2011-09-12 22:55:20 265720 ----a-w- c:\program files\internet explorer\msdbg2.dll
2011-09-12 22:53:59 99816 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-09-12 22:51:35 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-09-12 22:51:35 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-09-12 22:51:35 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-09-12 22:51:35 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-09-12 22:51:35 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-09-12 07:37:40 55808 ----a-w- c:\windows\devcon.exe
2011-09-12 06:13:59 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-09-12 06:13:57 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-09-12 06:13:57 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-09-12 06:12:54 -------- d-----w- c:\program files\MSXML 4.0
2011-09-12 06:07:58 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-09-12 06:05:49 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-09-12 06:04:58 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-09-12 05:51:29 -------- d-----w- c:\program files\common files\Windows Live
2011-09-12 05:51:16 -------- d-----w- c:\users\kev\appdata\local\{6FD91127-AEB1-40B1-AE95-D96C70ECAB08}
2011-09-12 05:40:43 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2011-09-12 05:40:42 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-09-12 05:39:23 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-09-12 05:38:05 276992 ----a-w- c:\windows\system32\schannel.dll
2011-09-12 05:38:02 98304 ----a-w- c:\windows\system32\cabview.dll
2011-09-12 05:36:32 -------- d-----w- c:\program files\AMD APP
2011-09-12 05:31:28 -------- d-----w- C:\ATI
2011-09-12 05:30:24 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-09-12 05:30:16 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-09-12 05:30:11 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-09-12 05:30:11 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-09-12 05:28:31 -------- d-----w- c:\program files\CCleaner
2011-09-12 05:23:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 05:22:29 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-12 04:59:14 388096 ----a-r- c:\users\kev\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-12 04:59:13 -------- d-----w- c:\program files\Trend Micro
2011-09-12 04:44:09 -------- d-----w- c:\programdata\Sunbelt
2011-09-12 04:44:08 -------- d-----w- c:\users\kev\appdata\roaming\Sunbelt
2011-09-12 04:42:41 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2011-09-12 04:42:41 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-09-12 04:42:37 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-09-12 04:42:37 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2011-09-12 04:42:34 -------- d-----w- c:\program files\Sunbelt Software
2011-09-12 04:31:08 -------- d-----w- c:\windows\pss
2011-09-12 04:24:59 -------- d-----w- c:\users\kev\appdata\local\ATI
2011-09-12 04:24:38 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-12 04:22:53 -------- d-----w- c:\program files\common files\ATI Technologies
2011-09-12 04:21:57 -------- d-----w- c:\program files\ATI Technologies
2011-09-12 04:21:08 -------- d-----w- C:\AMD
2011-09-12 04:01:19 -------- d-----w- c:\users\kev\appdata\local\Adobe
2011-09-12 03:54:16 -------- d-----w- c:\users\kev\appdata\local\Seven Zip
2011-09-12 03:52:24 77824 ----a-w- c:\windows\system32\drivers\INT15_DETECT.EXE
2011-09-12 03:51:24 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
2011-09-12 03:51:23 368640 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-09-12 03:51:23 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
2011-09-12 03:51:23 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-09-12 03:50:53 -------- d-----w- c:\program files\ATI
2011-09-12 03:48:46 -------- d-----w- c:\users\kev\appdata\local\PowerCinema
2011-09-12 03:48:03 -------- d-----w- c:\users\kev\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2011-09-12 07:37:40 1908 ----a-w- c:\windows\CLEANUP.CMD
2011-09-06 16:30:42 42832 ----a-w- c:\windows\system32\sbbd.exe
2011-08-29 21:36:34 74456 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-29 21:36:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-28 22:22:04 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-28 21:49:12 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-28 21:48:54 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-28 21:48:36 13555712 ----a-w- c:\windows\system32\amdocl.dll
2011-07-28 21:44:06 18388480 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-28 21:40:58 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-28 21:40:44 726528 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-28 21:36:26 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-28 21:35:52 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-28 21:35:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-28 21:34:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-28 21:33:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-28 21:33:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-28 21:33:34 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-28 21:33:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-28 21:30:26 4198912 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-28 21:11:42 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-28 21:11:14 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-28 21:11:02 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-28 21:09:10 4256768 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-28 21:07:24 8247296 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-28 21:03:58 4056064 ----a-w- c:\windows\system32\atiumdva.dll
2011-07-28 21:01:48 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-28 20:54:42 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-28 20:54:30 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-28 20:54:18 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-28 20:53:46 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-28 20:53:14 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-28 20:53:00 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-28 20:52:38 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-07-28 20:52:26 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-28 20:51:04 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-28 20:51:04 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 23:23:29.89 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/12/2011 2:42:51 AM
System Uptime: 10/6/2011 10:40:50 PM (1 hours ago)
.
Motherboard: ACER | | MCP73VE
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | SOCKET775 M/B | 2003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 145 GiB total, 102.705 GiB free.
D: is FIXED (NTFS) - 144 GiB total, 139.576 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP104: 9/24/2011 9:19:41 PM - SLOW-PCfighter Backup
RP105: 9/25/2011 3:23:27 PM - SLOW-PCfighter Backup
RP106: 9/26/2011 12:26:57 AM - SLOW-PCfighter Backup
RP107: 9/26/2011 11:19:51 PM - Scheduled Checkpoint
RP108: 9/27/2011 8:40:32 PM - Windows Update
RP109: 9/28/2011 1:37:45 AM - Removed Fix-It Utilities 11 Professional
RP110: 9/28/2011 8:30:10 PM - Installed Microsoft Office PowerPoint Viewer 2007 (English)
RP111: 9/28/2011 8:36:19 PM - Windows Update
RP112: 9/28/2011 8:38:09 PM - Windows Update
RP113: 9/28/2011 8:42:14 PM - Windows Update
RP114: 9/28/2011 9:01:43 PM - Installed Java™ 7
RP115: 9/30/2011 8:48:02 PM - Installed Adobe Reader X (10.1.0).
RP116: 10/2/2011 10:47:27 PM - Scheduled Checkpoint
RP117: 10/3/2011 9:51:37 PM - Scheduled Checkpoint
RP118: 10/4/2011 10:49:25 PM - Scheduled Checkpoint
RP119: 10/5/2011 8:23:56 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Problem Report Wizard
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help English
CCleaner
D3DX10
Diskeeper 2011 Home
ESET Online Scanner v3
FileHippo.com Update Checker
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HydraVision
iTunes
Java Auto Updater
Java™ 6 Update 27
Java™ 7
Junk Mail filter update
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
PurgeIE Pro - 4.05
Quick Startup 2.8.0.718
QuickTime
Realtek High Definition Audio Driver
Secunia PSI (2.0.0.3003)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SpywareBlaster 4.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIPRE Antivirus Premium
Window Washer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.5
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
9/30/2011 8:48:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/30/2011 8:48:26 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/30/2011 8:48:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/2/2011 7:31:39 PM, Error: Service Control Manager [7034] - The Windows Backup service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

#4 Kevm36


Posted 06 October 2011 - 10:48 PM

Rootkit scan 2011-10-06 23:45:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005c WDC_WD32 rev.01.0
Running: gmer.exe; Driver: C:\Users\Kev\AppData\Local\Temp\kxtdqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E602000, 0x39CB05, 0xE8000020]
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 80E5503F 91 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B1B 80E5509B 18 Bytes [80, 85, C9, 7C, 18, 8D, 41, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 80E550AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 80E550AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 80E55130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE ...
? C:\Users\Kev\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\Washer\WasherSvc.exe[2464] kernel32.dll!CreateThread + 1A 7721CB48 4 Bytes CALL 0008EE55 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2472] USER32.dll!GetWindowInfo 77BF428E 5 Bytes JMP 675BD41A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2472] USER32.dll!TrackPopupMenu 77C014F3 5 Bytes JMP 675BD9D8 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] ntdll.dll!LdrLoadDll 77A493A8 5 Bytes JMP 674429D0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3400] USER32.dll!GetWindowInfo 77BF428E 5 Bytes JMP 675C42E0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:2860] 9FD9E3D4

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:05 PM

Posted 09 October 2011 - 08:05 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Can you tell me what problems you are experiencing?

Next, please run aswMBR and MBRCheck.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Then

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#6 Kevm36


Posted 09 October 2011 - 10:48 AM

Run date: 2011-10-09 11:43:51
-----------------------------
11:43:51.932 OS Version: Windows 6.0.6002 Service Pack 2
11:43:51.932 Number of processors: 2 586 0xF0D
11:43:51.933 ComputerName: KEV-PC UserName: Kev
11:43:52.598 Initialize success
11:43:56.289 AVAST engine defs: 11100900
11:44:07.817 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
11:44:07.819 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
11:44:09.860 Disk 0 MBR read successfully
11:44:09.863 Disk 0 MBR scan
11:44:09.867 Disk 0 unknown MBR code
11:44:09.871 Disk 0 scanning sectors +625139712
11:44:09.957 Disk 0 scanning C:\Windows\system32\drivers
11:44:16.657 Service scanning
11:44:17.597 Modules scanning
11:44:21.059 Disk 0 trace - called modules:
11:44:21.077 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
11:44:21.081 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852b3030]
11:44:21.085 3 CLASSPNP.SYS[8079d8b3] -> nt!IofCallDriver -> [0x84d397b0]
11:44:21.089 5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\0000005d[0x84d27890]
11:44:21.615 AVAST engine scan C:\Windows
11:44:23.632 AVAST engine scan C:\Windows\system32
11:45:51.564 AVAST engine scan C:\Windows\system32\drivers
11:45:59.362 AVAST engine scan C:\Users\Kev
11:46:29.995 AVAST engine scan C:\ProgramData
11:47:07.532 Scan finished successfully
11:47:39.761 Disk 0 MBR has been saved successfully to "C:\Users\Kev\Desktop\MBR.dat"
11:47:39.765 The log file has been saved successfully to "C:\Users\Kev\Desktop\aswMBR.txt"

#7 Kevm36


Posted 09 October 2011 - 10:55 AM

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1641
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 149):
0x81A44000 \SystemRoot\system32\ntkrnlpa.exe
0x81A11000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068F000 \SystemRoot\system32\drivers\acpi.sys
0x806D5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DE000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E6000 \SystemRoot\system32\drivers\pci.sys
0x8070D000 \SystemRoot\System32\drivers\partmgr.sys
0x8071C000 \SystemRoot\system32\drivers\volmgr.sys
0x8072B000 \SystemRoot\System32\drivers\volmgrx.sys
0x80775000 \SystemRoot\system32\drivers\nvrd32.sys
0x80798000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807B9000 \SystemRoot\system32\drivers\pciide.sys
0x807C0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807CE000 \SystemRoot\System32\drivers\mountmgr.sys
0x807DE000 \SystemRoot\system32\drivers\nvraid.sys
0x805BE000 \SystemRoot\system32\drivers\atapi.sys
0x805C6000 \SystemRoot\system32\drivers\ataport.SYS
0x89C0A000 \SystemRoot\system32\drivers\nvstor32.sys
0x89C2E000 \SystemRoot\system32\drivers\storport.sys
0x89C6F000 \SystemRoot\system32\drivers\fltmgr.sys
0x89CA1000 \SystemRoot\system32\drivers\fileinfo.sys
0x89CB1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89E0E000 \SystemRoot\system32\drivers\ndis.sys
0x89F19000 \SystemRoot\system32\drivers\msrpc.sys
0x89F44000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A009000 \SystemRoot\System32\drivers\tcpip.sys
0x8A0F3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A312000 \SystemRoot\system32\drivers\wd.sys
0x8A31A000 \SystemRoot\system32\drivers\volsnap.sys
0x8A353000 \SystemRoot\System32\Drivers\spldr.sys
0x8A35B000 \SystemRoot\System32\Drivers\mup.sys
0x8A36A000 \SystemRoot\System32\drivers\ecache.sys
0x8A391000 \SystemRoot\system32\drivers\disk.sys
0x8A3A2000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A3E6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A3F1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A10E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A11D000 \SystemRoot\system32\DRIVERS\serial.sys
0x8A137000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8A141000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A154000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A15F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A3FA000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8A16A000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A174000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A1B2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x89D22000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E401000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8E50D000 \SystemRoot\system32\drivers\modem.sys
0x8E51A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E52A000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8E538000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8E605000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8EE57000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EEF7000 \SystemRoot\System32\drivers\watchdog.sys
0x8EF03000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EF1B000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8EF1D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E007000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8E107000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E110000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E13F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E14A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E161000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E16C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E18F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E19E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E1B2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E1C7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E1D7000 \SystemRoot\system32\DRIVERS\SBFWIM.sys
0x8E1E7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EF23000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E1E9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E1F3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EF4D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EF82000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x8EF8C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x94E0B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8EF9D000 \SystemRoot\system32\drivers\portcls.sys
0x8EFCA000 \SystemRoot\system32\drivers\drmk.sys
0x8E579000 \SystemRoot\system32\drivers\AtihdLH3.sys
0x94FEC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x94FF5000 \SystemRoot\System32\Drivers\Null.SYS
0x94E00000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8EFEF000 \SystemRoot\System32\drivers\vga.sys
0x8E5A9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E5CA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E5D2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E5DA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E5E5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E5F3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8A1C1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x89F7F000 \SystemRoot\system32\drivers\SbFw.sys
0x8A1D7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x94E07000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x89DAF000 \SystemRoot\system32\drivers\sbtis.sys
0x8A1EC000 \SystemRoot\system32\DRIVERS\smb.sys
0x95C06000 \SystemRoot\system32\drivers\afd.sys
0x95C4E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x95C80000 \SystemRoot\system32\DRIVERS\pacer.sys
0x95C96000 \SystemRoot\system32\DRIVERS\netbios.sys
0x95CA4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x95CB7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x95CF3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x95CFD000 \SystemRoot\System32\Drivers\dfsc.sys
0x95D14000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95D21000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x95D2B000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x9C250000 \SystemRoot\System32\win32k.sys
0x95D4F000 \SystemRoot\System32\drivers\Dxapi.sys
0x95D59000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9C470000 \SystemRoot\System32\TSDDD.dll
0x95D68000 \SystemRoot\system32\drivers\luafv.sys
0x95D83000 \SystemRoot\system32\DRIVERS\sbapifs.sys
0x9C490000 \SystemRoot\System32\cdd.dll
0x8100E000 \SystemRoot\system32\drivers\spsys.sys
0x810BE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x810CE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x810E1000 \SystemRoot\system32\drivers\HTTP.sys
0x8114E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8116B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81184000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81199000 \SystemRoot\system32\drivers\mrxdav.sys
0x811BA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x95D94000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x811D9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x95DCD000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F406000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F455000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x9F45C000 \SystemRoot\system32\drivers\peauth.sys
0x9F53A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F544000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F550000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9F565000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9F577000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0x9F57C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9F592000 \SystemRoot\system32\DRIVERS\DKRtWrt.sys
0x9F59A000 \??\C:\Users\Kev\AppData\Local\Temp\aswMBR.sys
0x77880000 \Windows\System32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
436 C:\Windows\System32\smss.exe
568 csrss.exe
632 C:\Windows\System32\wininit.exe
652 csrss.exe
684 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
712 C:\Windows\System32\lsm.exe
868 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\audiodg.exe
1176 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\SLsvc.exe
1236 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\winlogon.exe
1408 C:\Windows\System32\svchost.exe
1724 C:\Windows\System32\spoolsv.exe
1776 C:\Windows\System32\svchost.exe
1872 C:\Windows\System32\taskeng.exe
2004 C:\Windows\System32\dwm.exe
500 C:\Windows\explorer.exe
1836 C:\Windows\System32\taskeng.exe
1840 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
2132 C:\Windows\System32\svchost.exe
2180 C:\PurgeIE\PurgPro_Service.exe
2236 C:\Windows\System32\svchost.exe
2296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2368 C:\Windows\System32\SearchIndexer.exe
2424 C:\Program Files\Webroot\Washer\WasherSvc.exe
2472 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2540 WUDFHost.exe
3856 C:\Windows\System32\svchost.exe
2852 C:\Program Files\Mozilla Firefox\firefox.exe
1052 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
456 C:\Program Files\Mozilla Firefox\plugin-container.exe
2836 C:\Windows\System32\wuauclt.exe
756 C:\Windows\System32\taskeng.exe
1164 C:\Windows\System32\svchost.exe
3532 taskeng.exe
180 C:\Windows\System32\SearchProtocolHost.exe
1064 C:\Windows\System32\SearchFilterHost.exe
2764 dllhost.exe
1512 dllhost.exe
3424 C:\Users\Kev\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`92600000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200AAJS-22B4A, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: CF4D04178953E00E752CBBD527A40B030D781341


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#8 m0le


Posted 09 October 2011 - 04:56 PM

Can you tell me what problems you are experiencing?
m0le is a proud member of UNITE

#9 Kevm36


Posted 09 October 2011 - 05:26 PM

Computer is slow shutting down and sometimes slow to load webpages. Is there something wrong with my MBR? 298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: CF4D04178953E00E752CBBD527A40B030D781341

#10 m0le


Posted 09 October 2011 - 06:25 PM

Maybe, but not all faked MBRs are malicious. I need a copy of the MBR but not when Windows has loaded.

You will need a USB drive for this.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download dumpit to your USB
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

m0le is a proud member of UNITE
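An added example, not part of m0le's post or of any tool named in the thread: once the MBR has been dumped from the live CD, a short script can parse the sector and compare it with a copy of sector 0 saved from inside Windows, showing whether the two reads disagree and where. It assumes both files are raw 512-byte sectors; the function names are hypothetical and the sample sectors are constructed, with partition start values derived from the volume offsets in the MBRCheck output above.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code; bytes 440-445 hold the disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511
ENTRY_FMT = "<B3xB3xII"       # status, CHS (skipped), type, CHS (skipped), LBA start, sector count


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass(frozen=True)
class Mbr:
    boot_code_sha1: str
    disk_signature: int
    partitions: tuple
    signature_ok: bool
    warnings: tuple


def parse_mbr(sector: bytes) -> Mbr:
    """Parse one MBR sector; refuse input that is not exactly 512 bytes."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    warnings, parts = [], []
    for i in range(4):
        status, type_id, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if type_id == 0:                      # unused slot
            continue
        if status not in (0x00, 0x80):
            warnings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        parts.append(Partition(i, status == 0x80, type_id, lba, count))
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            warnings.append(f"entries {a.index} and {b.index} overlap")
    signature_ok = sector[510:512] == BOOT_SIGNATURE
    if not signature_ok:
        warnings.append("missing 0x55AA boot signature")
    return Mbr(hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
               struct.unpack_from("<I", sector, 440)[0],
               tuple(parts), signature_ok, tuple(warnings))


def compare_mbr(live: bytes, offline: bytes) -> dict:
    """Report which regions differ between the in-Windows read and the offline dump."""
    a, b = parse_mbr(live), parse_mbr(offline)
    first_diff = next(
        (i for i, (x, y) in enumerate(zip(live, offline)) if x != y), None)
    return {
        "boot_code_differs": a.boot_code_sha1 != b.boot_code_sha1,
        "disk_signature_differs": a.disk_signature != b.disk_signature,
        "partition_table_differs": a.partitions != b.partitions,
        "first_diff_offset": first_diff,
    }


def build_sample(boot_code: bytes) -> bytes:
    """Constructed test sector; not data from the machine in the thread."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)      # constructed disk signature
    c_start = 0x270A00000 // SECTOR_SIZE                 # C: byte offset from the MBRCheck output
    d_start = 0x2692600000 // SECTOR_SIZE                # D: byte offset from the MBRCheck output
    struct.pack_into(ENTRY_FMT, sector, 446, 0x80, 0x07, c_start, d_start - c_start)
    struct.pack_into(ENTRY_FMT, sector, 462, 0x00, 0x07, d_start, 0x1000000)  # constructed size
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sectors: same partition table, different (meaningless) boot code bytes.
LIVE_SAMPLE = build_sample(b"\xfa\x33\xc0" + b"\x90" * 64)
OFFLINE_SAMPLE = build_sample(b"\xfa\x33\xc0" + b"\xcc" * 64)

if __name__ == "__main__":
    offline = parse_mbr(OFFLINE_SAMPLE)
    print("offline boot code SHA-1:", offline.boot_code_sha1)
    for p in offline.partitions:
        print(f"  entry {p.index}: type 0x{p.type_id:02x} "
              f"start LBA {p.lba_start} sectors {p.sectors} bootable={p.bootable}")
    for key, value in compare_mbr(LIVE_SAMPLE, OFFLINE_SAMPLE).items():
        print(f"{key}: {value}")
```

A difference between the two reads is a reason to examine the boot code further, not a verdict in itself, which matches the point in the post that not every faked MBR is malicious.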

#11 Kevm36

Posted 10 October 2011 - 06:10 PM

When I boot from the CD it opens, then asks what language, then freezes up after it loads up.

#12 m0le

Posted 10 October 2011 - 06:37 PM

There's certainly some evidence stacking up that the MBR is the problem.

Do you have a Vista disk?
m0le is a proud member of UNITE

#13 Kevm36

Posted 10 October 2011 - 06:41 PM

Have a restore disk that I made

#14 m0le

Posted 10 October 2011 - 06:46 PM

I don't want to use that yet. If you had the Vista disk we could attempt a straightforward MBR fix.

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#15 Kevm36

Posted 10 October 2011 - 06:54 PM

19:49:49.0225 0672 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
19:49:49.0611 0672 ============================================================
19:49:49.0611 0672 Current date / time: 2011/10/10 19:49:49.0611
19:49:49.0612 0672 SystemInfo:
19:49:49.0612 0672
19:49:49.0612 0672 OS Version: 6.0.6002 ServicePack: 2.0
19:49:49.0612 0672 Product type: Workstation
19:49:49.0612 0672 ComputerName: KEV-PC
19:49:49.0612 0672 UserName: Kev
19:49:49.0612 0672 Windows directory: C:\Windows
19:49:49.0612 0672 System windows directory: C:\Windows
19:49:49.0612 0672 Processor architecture: Intel x86
19:49:49.0612 0672 Number of processors: 2
19:49:49.0612 0672 Page size: 0x1000
19:49:49.0612 0672 Boot type: Normal boot
19:49:49.0612 0672 ============================================================
19:49:50.0057 0672 Initialize success
19:50:00.0918 2856 ============================================================
19:50:00.0918 2856 Scan started
19:50:00.0918 2856 Mode: Manual;
19:50:00.0918 2856 ============================================================
19:50:08.0837 2856 usbvideo - ok
19:50:08.0857 2856 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:50:08.0858 2856 vga - ok
19:50:08.0879 2856 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:50:08.0880 2856 VgaSave - ok
19:50:08.0897 2856 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:50:08.0899 2856 viaagp - ok
19:50:08.0910 2856 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:50:08.0912 2856 ViaC7 - ok
19:50:08.0941 2856 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:50:08.0942 2856 viaide - ok
19:50:08.0964 2856 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:50:08.0966 2856 volmgr - ok
19:50:08.0990 2856 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:50:08.0993 2856 volmgrx - ok
19:50:09.0020 2856 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:50:09.0022 2856 volsnap - ok
19:50:09.0050 2856 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:50:09.0051 2856 vsmraid - ok
19:50:09.0077 2856 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:50:09.0078 2856 WacomPen - ok
19:50:09.0097 2856 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:50:09.0098 2856 Wanarp - ok
19:50:09.0111 2856 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:50:09.0112 2856 Wanarpv6 - ok
19:50:09.0178 2856 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:50:09.0179 2856 Wd - ok
19:50:09.0210 2856 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:50:09.0214 2856 Wdf01000 - ok
19:50:09.0310 2856 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:50:09.0311 2856 WmiAcpi - ok
19:50:09.0406 2856 wrssweep (f3fe0e6dd201522673315d7b1b5379b9) C:\Program Files\Webroot\Washer\wrssweep.sys
19:50:09.0407 2856 wrssweep - ok
19:50:09.0499 2856 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:50:09.0500 2856 ws2ifsl - ok
19:50:09.0555 2856 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:50:09.0556 2856 WUDFRd - ok
19:50:09.0586 2856 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
19:50:10.0293 2856 \Device\Harddisk0\DR0 - ok
19:50:10.0306 2856 Boot (0x1200) (1b0a079921d894d80edf151b99247b08) \Device\Harddisk0\DR0\Partition0
19:50:10.0307 2856 \Device\Harddisk0\DR0\Partition0 - ok
19:50:10.0330 2856 Boot (0x1200) (55ccce36208d25cb7a8be71b3e189d80) \Device\Harddisk0\DR0\Partition1
19:50:10.0331 2856 \Device\Harddisk0\DR0\Partition1 - ok
19:50:10.0331 2856 ============================================================
19:50:10.0331 2856 Scan finished
19:50:10.0331 2856 ============================================================
19:50:10.0345 2160 Detected object count: 0
19:50:10.0346 2160 Actual detected object count: 0
19:53:32.0104 1908 Deinitialize success



