
Round 2: Google redirect turned to nonfunctioning firefox


  • This topic is locked
36 replies to this topic

#1 cadmonkey


Posted 07 October 2011 - 02:32 AM

I've just been sent over here by jntkwx from "Am I infected? What do I do?"

here's a link to the topic

**I went through the preparation guide, but I got the blue screen of death while running the GMER scan, twice, so I was unable to get ark.txt.

Now to the problem: a few weeks ago I seem to have been dealing with the Google redirect virus, but didn't realize that it was a problem. After getting around it for a week, I was fed up and decided to run Malwarebytes' Anti-Malware in an attempt to take care of the problem. Malwarebytes would open, then close seconds later, as if it had never been opened. After struggling with it for a few days, I posted my problem on here (in the link above). [When Malwarebytes did finally work, I could not update it because of no internet connection - detailed later.] The computer seems to be running slowly, I assume because of whatever silly problem it is having, since it's only been slow in the past week-ish. But the biggest problem is that I cannot connect to the internet. In my Network & Sharing Center it says my connection is 'identifying' but will go no further than that; however, it does list that it has excellent signal strength. When I open Firefox all I get is 'server not found.' I have already restarted my modem & router and have also tried plugging the Ethernet cable directly into the laptop. My desktop is working with no problems, and we have other wireless devices that have been working off our internet, so I feel safe in saying that it's not our internet that is causing the problems. I also have tried getting it to work off of other wireless connections to no avail. Any help would be greatly appreciated, because without it, this silly little laptop might just be turning into a fun projectile. :smash:



DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19120
Run by Meghan at 1:32:45 on 2011-10-07
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2939.1939 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mc307.mail.yahoo.com/mc/welcome?.gx=&.rand=4th8fusvjt4pn&.gxopt=
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SmartNetIde] rundll32.exe "c:\users\meghan\appdata\local\nativepathenum\SmartNetIde.dll",odbcapiRpl Bluetoothnet90
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\meghan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{073841FF-5BFD-4132-B13F-9B53D0BCB5AD} : DhcpNameServer = 192.168.100.1
TCP: Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB} : DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\meghan\appdata\roaming\mozilla\firefox\profiles\bgp83ww2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1919967&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://us.mc307.mail.yahoo.com/mc/welcome?.gx=&.rand=4th8fusvjt4pn&.gxopt=|http://www.gmail.com|http://www.facebook.com/
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-15 20384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2008-11-11 2560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-15 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-07 06:11:40	56200	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{e901094a-4a9d-45e1-a3e7-7a2cc83f183e}\offreg.dll
2011-10-04 22:43:25	--------	d-----w-	c:\program files\malwarebytes
2011-09-29 02:07:24	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-29 02:07:20	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-29 02:07:20	--------	d-----w-	c:\program files\amalwar
2011-09-24 23:20:33	66520	----a-w-	c:\program files\mozilla firefox\plugins\npnul32.dll
2011-09-24 23:20:33	25048	----a-w-	c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-09-24 23:20:33	140248	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-09-24 23:20:32	505816	----a-w-	c:\program files\mozilla firefox\sqlite3.dll
2011-09-24 23:20:32	1000920	----a-w-	c:\program files\mozilla firefox\js3250.dll
2011-09-23 19:48:18	7269712	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{e901094a-4a9d-45e1-a3e7-7a2cc83f183e}\mpengine.dll
2011-09-15 04:55:40	2409784	----a-w-	c:\program files\windows mail\OESpamFilter.dat
2011-09-15 01:36:51	--------	d-----w-	c:\users\meghan\appdata\local\NativePathEnum
.
==================== Find3M  ====================
.
2011-09-28 04:10:03	72192	----a-w-	c:\windows\system32\drivers\tdx.sys
2011-07-23 11:04:29	916480	----a-w-	c:\windows\system32\wininet.dll
2011-07-23 11:00:05	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34	71680	----a-w-	c:\windows\system32\iesetup.dll
2011-07-23 10:59:34	109056	----a-w-	c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47	385024	----a-w-	c:\windows\system32\html.iec
2011-07-23 09:27:04	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-11 13:25:35	2048	----a-w-	c:\windows\system32\tzres.dll
.
============= FINISH:  1:33:13.20 ===============


 


#2 HelpBot


Posted 12 October 2011 - 02:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422274 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Farbar


Posted 12 October 2011 - 10:38 AM

Hello cadmonkey,

Please update me on the current condition of your computer.

Also post a fresh DDS.txt; there is no need for the Attach.txt. Please copy and paste the log without putting it in the code box.

#4 cadmonkey


Posted 12 October 2011 - 07:35 PM

1) description

PROBLEM: My internet access on my laptop will not work.
WHAT I HAVE DONE: It started with the Google redirect virus, so I tried Malwarebytes' Anti-Malware. Malwarebytes didn't work (opened then closed itself). [When Malwarebytes did finally work, it could not update because of no internet connection.] The computer is now running slowly; minutes to startup/login instead of seconds. I checked my Wi-Fi switch - it is on. My connection says it's 'identifying' in my Network & Sharing Center with excellent signal strength. 'Server not found' message when Firefox is opened. I have restarted & reset my modem & router and tried plugging the Ethernet cable directly into the laptop. My desktop and other wireless devices are connecting with no problem. I originally posted this topic in "Am I infected? What do I do?", and after help from jntkwx, was sent here. Here is the original topic.


2) logs

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120
Run by Meghan at 4:05:14 on 2011-10-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.2085 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mc307.mail.yahoo.com/mc/welcome?.gx=&.rand=4th8fusvjt4pn&.gxopt=
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SmartNetIde] rundll32.exe "c:\users\meghan\appdata\local\nativepathenum\SmartNetIde.dll",odbcapiRpl Bluetoothnet90
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\meghan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{073841FF-5BFD-4132-B13F-9B53D0BCB5AD} : DhcpNameServer = 192.168.100.1
TCP: Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB} : DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\meghan\appdata\roaming\mozilla\firefox\profiles\bgp83ww2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1919967&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://us.mc307.mail.yahoo.com/mc/welcome?.gx=&.rand=4th8fusvjt4pn&.gxopt=|http://www.gmail.com|http://www.facebook.com/
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-15 20384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2008-11-11 2560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-15 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-08 23:23:38 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e901094a-4a9d-45e1-a3e7-7a2cc83f183e}\offreg.dll
2011-10-04 22:43:25 -------- d-----w- c:\program files\malwarebytes
2011-09-29 02:07:24 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-29 02:07:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-29 02:07:20 -------- d-----w- c:\program files\amalwar
2011-09-24 23:20:33 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2011-09-24 23:20:33 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-09-24 23:20:33 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-09-24 23:20:32 505816 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
2011-09-24 23:20:32 1000920 ----a-w- c:\program files\mozilla firefox\js3250.dll
2011-09-23 19:48:18 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e901094a-4a9d-45e1-a3e7-7a2cc83f183e}\mpengine.dll
2011-09-15 04:55:40 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-09-15 01:36:51 -------- d-----w- c:\users\meghan\appdata\local\NativePathEnum
.
==================== Find3M ====================
.
2011-09-28 04:10:03 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 4:06:16.74 ===============


GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-12 17:25:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0
Running: gmer.exe; Driver: C:\Users\Meghan\AppData\Local\Temp\pftdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A952480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A993900, 0x3CA, 0x48000040]
? C:\Users\Meghan\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB22334$\1207433423 0 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787 0 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\@ 2048 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\bckfg.tmp 840 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\cfg.ini 387 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\keywords 104 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\kwrd.dll 208896 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\L 0 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\L\qnbwvoto 72192 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\lsflt7.ver 1199 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\U 0 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\U\00000002.@ 209920 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB22334$\4016719787\U\80000032.@ 71168 bytes

---- EOF - GMER 1.0.15 ----


3) I do not have the original Windows CD/DVD.

#5 Farbar


Posted 13 October 2011 - 02:28 AM

Thanks for the feedback.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed, and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#6 cadmonkey


Posted 14 October 2011 - 07:08 PM

TDSSKiller log (did not reboot):

18:56:54.0028 2000 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
18:56:54.0106 2000 ============================================================
18:56:54.0106 2000 Current date / time: 2011/10/14 18:56:54.0106
18:56:54.0106 2000 SystemInfo:
18:56:54.0106 2000
18:56:54.0106 2000 OS Version: 6.0.6002 ServicePack: 2.0
18:56:54.0106 2000 Product type: Workstation
18:56:54.0106 2000 ComputerName: OID-PC
18:56:54.0106 2000 UserName: Meghan
18:56:54.0106 2000 Windows directory: C:\Windows
18:56:54.0106 2000 System windows directory: C:\Windows
18:56:54.0106 2000 Processor architecture: Intel x86
18:56:54.0106 2000 Number of processors: 2
18:56:54.0106 2000 Page size: 0x1000
18:56:54.0106 2000 Boot type: Normal boot
18:56:54.0106 2000 ============================================================
18:56:55.0089 2000 Initialize success
18:56:56.0321 3228 ============================================================
18:56:56.0321 3228 Scan started
18:56:56.0321 3228 Mode: Manual;
18:56:56.0321 3228 ============================================================
18:57:10.0392 3228 WpdUsb - ok
18:57:10.0439 3228 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:57:10.0455 3228 ws2ifsl - ok
18:57:10.0501 3228 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:57:10.0517 3228 WUDFRd - ok
18:57:10.0548 3228 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
18:57:10.0564 3228 \Device\Harddisk0\DR0 - ok
18:57:10.0579 3228 Boot (0x1200) (334e86cad4cefeb322d6c9db9e4bd456) \Device\Harddisk0\DR0\Partition0
18:57:10.0579 3228 \Device\Harddisk0\DR0\Partition0 - ok
18:57:10.0579 3228 ============================================================
18:57:10.0579 3228 Scan finished
18:57:10.0579 3228 ============================================================
18:57:10.0611 3592 Detected object count: 0
18:57:10.0611 3592 Actual detected object count: 0
18:57:59.0423 4056 ============================================================
18:57:59.0423 4056 Scan started
18:57:59.0423 4056 Mode: Manual; SigCheck; TDLFS;
18:57:59.0423 4056 ============================================================
18:58:18.0190 4056 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
18:58:18.0190 4056 SVRPEDRV ( UnsignedFile.Multi.Generic ) - warning
18:58:18.0190 4056 SVRPEDRV - detected UnsignedFile.Multi.Generic (1)
18:58:22.0495 4056 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:58:22.0573 4056 WacomPen - ok
18:58:22.0605 4056 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:58:22.0667 4056 Wanarp - ok
18:58:22.0667 4056 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:58:22.0698 4056 Wanarpv6 - ok
18:58:22.0745 4056 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:58:22.0776 4056 Wd - ok
18:58:22.0807 4056 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:58:22.0854 4056 Wdf01000 - ok
18:58:22.0948 4056 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:58:22.0995 4056 WmiAcpi - ok
18:58:23.0073 4056 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:58:23.0151 4056 WpdUsb - ok
18:58:23.0182 4056 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:58:23.0244 4056 ws2ifsl - ok
18:58:23.0307 4056 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:58:23.0385 4056 WUDFRd - ok
18:58:23.0431 4056 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
18:58:23.0541 4056 \Device\Harddisk0\DR0 - ok
18:58:23.0541 4056 Boot (0x1200) (334e86cad4cefeb322d6c9db9e4bd456) \Device\Harddisk0\DR0\Partition0
18:58:23.0541 4056 \Device\Harddisk0\DR0\Partition0 - ok
18:58:23.0541 4056 ============================================================
18:58:23.0541 4056 Scan finished
18:58:23.0541 4056 ============================================================
18:58:23.0556 0480 Detected object count: 1
18:58:23.0556 0480 Actual detected object count: 1
18:58:46.0597 0480 SVRPEDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:46.0597 0480 SVRPEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

#7 Farbar

Posted 14 October 2011 - 07:38 PM

Please download MiniRegTool.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDX]

  • Check Export keys radio button.
  • Press Go button and post the result.


#8 cadmonkey

Posted 14 October 2011 - 11:50 PM

MiniRegTool result:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDX]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDX\0000]
"Service"="tdx"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000400
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="@%SystemRoot%\\system32\\tcpipcfg.dll,-50004"
"Capabilities"=dword:00000000

#9 Farbar

Posted 15 October 2011 - 04:55 AM

Please download and save
Double-click to run it and confirm the prompt to allow merging.

Restart the computer.

After restart check internet connection and give me feedback about it.

#10 cadmonkey

Posted 15 October 2011 - 01:39 PM

I downloaded the file & transferred it to the laptop (from desktop via flash drive) & tried to run it. I clicked through the prompt to continue ('yes') and a "Registry Editor" window popped up saying: Cannot import C:\Users\Meghan\Desktop\tdxFix.reg: Error accessing the registry.

What should I do from here?

#11 Farbar

Posted 16 October 2011 - 07:17 AM

Please download instead and run it, reboot and check the connection.

#12 cadmonkey

Posted 16 October 2011 - 10:24 PM

That worked. It now says it's connected (with excellent strength) to the internet instead of 'identifying' like it was before, but when I open Firefox it will not load any pages.

#13 Farbar

Posted 17 October 2011 - 01:09 AM

Great. :thumbup2:

We still need some work to do.

  • We need to scan the system with this special tool.
    • Please download Junction.zip and save it.
    • Unzip it and put junction.exe in the Windows directory (C:\Windows). No need to run it.
  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @ECHO OFF
    junction -s c:\>log.txt
    start log.txt
    
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop.
    • Right-click and run it as administrator.
    • The command prompt opens, wait until a notepad opens, copy and paste the content (log.txt) to your reply.
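
Triage for the log.txt that look.bat produces, as an added example that is not part of the original post or of Junction itself: it parses `junction -s` output, lists reparse points located outside the profile trees for manual review, and counts "Failed to open" lines per directory. The sample log is constructed, and the function names and the list of expected locations are assumptions of this example.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout junction.exe writes to log.txt
# (progress dots are sometimes fused to the start of an entry line).
SAMPLE_LOG = r"""
Junction v1.06 - Windows junction creator and reparse point viewer

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...

..\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

...\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

Failed to open \\?\c:\\Users\Example\AppData\Local\Temp\~DF0000.tmp: Access is denied.

\\?\c:\\Windows\ExampleDir\Data: JUNCTION
Print Name : C:\Windows\system32\config
Substitute Name: C:\Windows\system32\config
"""

ENTRY_RE = re.compile(r"^\.*(\\\\\?\\.+): ([A-Z][A-Z ]*)$")
FAILED_RE = re.compile(r"^\.*Failed to open (\\\\\?\\.+?): (.+)$")
FIELD_RE = re.compile(r"^(Print Name|Substitute Name)\s*:\s*(.*)$")

# Assumption of this example: locations where stock profile junctions live.
EXPECTED_PREFIXES = ("c:\\users\\", "c:\\programdata\\")
EXPECTED_EXACT = {"c:\\documents and settings"}


@dataclass
class ReparsePoint:
    link: str                  # where the reparse point sits
    kind: str                  # e.g. JUNCTION or SYMBOLIC LINK
    print_name: str = ""       # target as displayed
    substitute_name: str = ""  # target as resolved by the file system


def normalize(raw):
    """Strip the \\\\?\\ prefix and collapse the doubled backslash after the drive."""
    path = raw[4:] if raw.startswith("\\\\?\\") else raw
    return path.replace("\\\\", "\\")


def parse_junction_log(text):
    """Return (reparse_points, failures) parsed from `junction -s` output."""
    entries, failures = [], []
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            current = ReparsePoint(normalize(m.group(1)), m.group(2).strip())
            entries.append(current)
            continue
        m = FAILED_RE.match(line)
        if m:
            failures.append((normalize(m.group(1)), m.group(2)))
            current = None
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            if m.group(1) == "Print Name":
                current.print_name = m.group(2)
            else:
                current.substitute_name = m.group(2)
    return entries, failures


def unexpected_links(entries):
    """Reparse points whose location is outside the expected profile trees."""
    flagged = []
    for entry in entries:
        low = entry.link.lower()
        if low in EXPECTED_EXACT or low.startswith(EXPECTED_PREFIXES):
            continue
        flagged.append(entry)
    return flagged


def failure_summary(failures):
    """Count 'Failed to open' lines per parent directory."""
    return Counter(ntpath.dirname(path) for path, _reason in failures)


if __name__ == "__main__":
    points, errors = parse_junction_log(SAMPLE_LOG)
    for point in unexpected_links(points):
        print("review:", point.kind, point.link, "->", point.substitute_name)
    for directory, count in failure_summary(errors).items():
        print("failed to open:", count, "item(s) in", directory)
```

Run against a real log.txt by passing the file's text to `parse_junction_log`; the entries it lists for review are the ones a helper reads by hand.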


#14 cadmonkey

Posted 17 October 2011 - 01:55 AM

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.


\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Cookies: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Guest\Application Data: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming
Substitute Name: C:\Users\Guest\AppData\Roaming

\\?\c:\\Users\Guest\Cookies: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Guest\Local Settings: JUNCTION
Print Name : C:\Users\Guest\AppData\Local
Substitute Name: C:\Users\Guest\AppData\Local

\\?\c:\\Users\Guest\My Documents: JUNCTION
Print Name : C:\Users\Guest\Documents
Substitute Name: C:\Users\Guest\Documents

\\?\c:\\Users\Guest\NetHood: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Guest\PrintHood: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Guest\Recent: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Guest\SendTo: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Guest\Start Menu: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Guest\Templates: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Guest\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Guest\AppData\Local
Substitute Name: C:\Users\Guest\AppData\Local

\\?\c:\\Users\Guest\AppData\Local\History: JUNCTION
Print Name : C:\Users\Guest\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Guest\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Guest\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Guest\Documents\My Music: JUNCTION
Print Name : C:\Users\Guest\Music
Substitute Name: C:\Users\Guest\Music

\\?\c:\\Users\Guest\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Guest\Pictures
Substitute Name: C:\Users\Guest\Pictures

\\?\c:\\Users\Guest\Documents\My Videos: JUNCTION
Print Name : C:\Users\Guest\Videos
Substitute Name: C:\Users\Guest\Videos

\\?\c:\\Users\Meghan\Application Data: JUNCTION
Print Name : C:\Users\Meghan\AppData\Roaming
Substitute Name: C:\Users\Meghan\AppData\Roaming

\\?\c:\\Users\Meghan\Cookies: JUNCTION
Print Name : C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Meghan\Local Settings: JUNCTION
Print Name : C:\Users\Meghan\AppData\Local
Substitute Name: C:\Users\Meghan\AppData\Local

\\?\c:\\Users\Meghan\My Documents: JUNCTION
Print Name : C:\Users\Meghan\Documents
Substitute Name: C:\Users\Meghan\Documents

\\?\c:\\Users\Meghan\NetHood: JUNCTION
Print Name : C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Meghan\PrintHood: JUNCTION
Print Name : C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Meghan\Recent: JUNCTION
Print Name : C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Meghan\SendTo: JUNCTION
Print Name : C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Meghan\Start Menu: JUNCTION
Print Name : C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Meghan\Templates: JUNCTION
Print Name : C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Meghan\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Meghan\AppData\Local
Substitute Name: C:\Users\Meghan\AppData\Local

\\?\c:\\Users\Meghan\AppData\Local\History: JUNCTION
Print Name : C:\Users\Meghan\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Meghan\AppData\Local\Microsoft\Windows\History



\\?\c:\\Users\Meghan\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Meghan\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Meghan\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Meghan\Documents\My Music: JUNCTION
Print Name : C:\Users\Meghan\Music
Substitute Name: C:\Users\Meghan\Music

\\?\c:\\Users\Meghan\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Meghan\Pictures
Substitute Name: C:\Users\Meghan\Pictures

\\?\c:\\Users\Meghan\Documents\My Videos: JUNCTION
Print Name : C:\Users\Meghan\Videos
Substitute Name: C:\Users\Meghan\Videos

\\?\c:\\Users\Nick\Application Data: JUNCTION
Print Name : C:\Users\Nick\AppData\Roaming
Substitute Name: C:\Users\Nick\AppData\Roaming

\\?\c:\\Users\Nick\Cookies: JUNCTION
Print Name : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Nick\Local Settings: JUNCTION
Print Name : C:\Users\Nick\AppData\Local
Substitute Name: C:\Users\Nick\AppData\Local

\\?\c:\\Users\Nick\My Documents: JUNCTION
Print Name : C:\Users\Nick\Documents
Substitute Name: C:\Users\Nick\Documents

\\?\c:\\Users\Nick\NetHood: JUNCTION
Print Name : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Nick\PrintHood: JUNCTION
Print Name : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Nick\Recent: JUNCTION
Print Name : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Nick\SendTo: JUNCTION
Print Name : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Nick\Start Menu: JUNCTION
Print Name : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Nick\Templates: JUNCTION
Print Name : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Nick\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Nick\AppData\Local
Substitute Name: C:\Users\Nick\AppData\Local

\\?\c:\\Users\Nick\AppData\Local\History: JUNCTION
Print Name : C:\Users\Nick\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Nick\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Nick\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files



\\?\c:\\Users\Nick\Documents\My Music: JUNCTION
Print Name : C:\Users\Nick\Music
Substitute Name: C:\Users\Nick\Music

\\?\c:\\Users\Nick\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Nick\Pictures
Substitute Name: C:\Users\Nick\Pictures

\\?\c:\\Users\Nick\Documents\My Videos: JUNCTION
Print Name : C:\Users\Nick\Videos
Substitute Name: C:\Users\Nick\Videos

\\?\c:\\Users\oid\Application Data: JUNCTION
Print Name : C:\Users\oid\AppData\Roaming
Substitute Name: C:\Users\oid\AppData\Roaming

\\?\c:\\Users\oid\Cookies: JUNCTION
Print Name : C:\Users\oid\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\oid\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\oid\Local Settings: JUNCTION
Print Name : C:\Users\oid\AppData\Local
Substitute Name: C:\Users\oid\AppData\Local

\\?\c:\\Users\oid\My Documents: JUNCTION
Print Name : C:\Users\oid\Documents
Substitute Name: C:\Users\oid\Documents

\\?\c:\\Users\oid\NetHood: JUNCTION
Print Name : C:\Users\oid\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\oid\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\oid\PrintHood: JUNCTION
Print Name : C:\Users\oid\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\oid\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\oid\Recent: JUNCTION
Print Name : C:\Users\oid\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\oid\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\oid\SendTo: JUNCTION
Print Name : C:\Users\oid\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\oid\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\oid\Start Menu: JUNCTION
Print Name : C:\Users\oid\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\oid\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\oid\Templates: JUNCTION
Print Name : C:\Users\oid\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\oid\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\oid\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\oid\AppData\Local
Substitute Name: C:\Users\oid\AppData\Local

\\?\c:\\Users\oid\AppData\Local\History: JUNCTION
Print Name : C:\Users\oid\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\oid\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\oid\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\oid\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\oid\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\oid\Documents\My Music: JUNCTION
Print Name : C:\Users\oid\Music
Substitute Name: C:\Users\oid\Music

\\?\c:\\Users\oid\Documents\My Pictures: JUNCTION
Print Name : C:\Users\oid\Pictures
Substitute Name: C:\Users\oid\Pictures

\\?\c:\\Users\oid\Documents\My Videos: JUNCTION
Print Name : C:\Users\oid\Videos
Substitute Name: C:\Users\oid\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos


Failed to open \\?\c:\\Windows\$NtUninstallKB22334$: Access is denied.


\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\Cookies: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\Local Settings: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\My Documents: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Documents
Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\NetHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\PrintHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\Recent: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\SendTo: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\Start Menu: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

.\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\Templates: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\AppData\Local\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\AppData\Local\History: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

...\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\Documents\My Music: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Music
Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\Documents\My Pictures: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Pictures
Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Windows\$NtUninstallKB22334$\systemprofile\Documents\My Videos: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Videos
Substitute Name: C:\Windows\system32\config\systemprofile\Videos



Failed to open \\?\c:\\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\csp5EEA.tmp: Access is denied.




...\\?\c:\\Windows\System32\config\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\System32\config\systemprofile\Cookies: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Windows\System32\config\systemprofile\Local Settings: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\System32\config\systemprofile\My Documents: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Documents
Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Windows\System32\config\systemprofile\NetHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Windows\System32\config\systemprofile\PrintHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Windows\System32\config\systemprofile\Recent: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent



\\?\c:\\Windows\System32\config\systemprofile\SendTo: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Windows\System32\config\systemprofile\Start Menu: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Windows\System32\config\systemprofile\Templates: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\History: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

..\\?\c:\\Windows\System32\config\systemprofile\Documents\My Music: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Music
Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Pictures: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Pictures
Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Videos: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Videos
Substitute Name: C:\Windows\system32\config\systemprofile\Videos

Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.


#15 Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:48 PM

Posted 17 October 2011 - 03:08 AM

I see you have no antivirus installed. We will install one in the next round.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.



