
Had System Restore virus, Still have Google Re-directs


  • This topic is locked
22 replies to this topic

#1 BryanEW710

  • Members
  • 13 posts

Posted 21 October 2011 - 06:37 AM

All,

Unfortunately, this is my second machine in my house to be infected as such. The first one I just bought a new HDD and reinstalled Windows, but, since this machine is a netbook (eMachines eM250), this is not as attractive an option.

I had the basic symptoms of the System Restore virus and followed all of the instructions up to using TDSS. I downloaded and renamed it, then double-clicked it, but nothing happened after that. I tried multiple times, but got no results. I went ahead and updated/ran Malwarebytes anyway, which got rid of most of the symptoms of the virus. As for RKill, it would stop Internet Explorer, but iexplore.exe continues to pop up in Task Manager. I attempted a Windows Restore (using the actual Windows app, of course) which didn't help. I also uninstalled McAfee, uninstalled then reinstalled MBAM from the link, and installed MS Security Essentials.

I have tried downloading GMER, but got the following message before it ran:

LoadDriver("C:\DOCUME~1\BRYANW~1\LOCALS~1\Temp\uxldqpog.sys") error 0xC000010E: Cannot create a stable subkey under a volatile parent key.


When it did run, the only options that weren't ghosted out were Services, Registry, and Files. The scan came up with no results, so I won't post the results here unless prompted. Here is the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Bryan Wyatt at 6:54:33 on 2011-10-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.377 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Launch Manager\LManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\snuvcdsm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph06103335l0404wu25r4402624p
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph06103335l0404wu25r4402624p
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph06103335l0404wu25r4402624p
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph06103335l0404wu25r4402624p
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [snuvcdsm] c:\windows\snuvcdsm.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276101183062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7087F162-9CFD-4882-B2F2-F1C51237BA21} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bryan wyatt\application data\mozilla\firefox\profiles\fzfc62jg.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\documents and settings\bryan wyatt\application data\mozilla\firefox\profiles\fzfc62jg.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\bryan wyatt\application data\mozilla\firefox\profiles\fzfc62jg.default\extensions\nparcadeox@nparcadeox.com\plugins\nparcadeox.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: bug489729: bug489729@alice0775 - %profile%\extensions\bug489729@alice0775
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: oldbar: {46868735-c3fa-47ce-8ce7-cce51a66aceb} - %profile%\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
FF - Ext: arcadeox: nparcadeox@nparcadeox.com - %profile%\extensions\nparcadeox@nparcadeox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl6031ce2c;MpKsl6031ce2c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{085967b5-2916-40c9-b4cc-ab34e8b741eb}\MpKsl6031ce2c.sys [2011-10-21 28752]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2009-11-6 107016]
R2 Updater Service;Updater Service;c:\program files\emachines\emachines updater\UpdaterService.exe [2009-11-6 240160]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-11-6 45056]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-4 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-6 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-4 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-7-6 100736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-6 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 30 ================
.
2011-10-21 10:38:39 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{085967b5-2916-40c9-b4cc-ab34e8b741eb}\MpKsl6031ce2c.sys
2011-10-21 10:38:34 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{085967b5-2916-40c9-b4cc-ab34e8b741eb}\offreg.dll
2011-10-21 03:47:22 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-21 03:46:45 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{085967b5-2916-40c9-b4cc-ab34e8b741eb}\mpengine.dll
2011-10-21 03:45:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-21 03:42:26 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-21 03:09:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-21 03:09:21 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 7:01:46.35 ===============



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 21 October 2011 - 07:43 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the Internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 BryanEW710


Posted 21 October 2011 - 08:09 AM

Thank you for the reply, Gringo! I'll follow these instructions when I get home tonight.

(Thankfully, I have multiple computers, so I can follow the conversation and any instructions on one while I'm working on the other!)

#4 gringo_pr


Posted 21 October 2011 - 08:12 AM

see you later

#5 BryanEW710


Posted 22 October 2011 - 07:25 AM

I ran it once and didn't get any log results--it just closed when it was finished. I ran it two more times because nothing happened. I hadn't realized that it would pop up a blue window similar to the Command Prompt (cmd.exe).

Other symptoms I've had since I did the restore are that the Show Desktop button is hidden/unavailable in the Quick Launch area. iexplore.exe is constantly running in the Task Manager. Also, Windows Updater Service crashes from time to time when I purposely took the netbook off of the network. It thinks that I've got some updates to apply.

I'll post the log when ComboFix finishes.



#6 BryanEW710


Posted 22 October 2011 - 08:38 AM

Here's the ComboFix log:

ComboFix 11-10-21.06 - Bryan Wyatt 10/22/2011 8:33.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.441 [GMT -4:00]
Running from: c:\documents and settings\Bryan Wyatt\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
.
.
2011-10-22 11:49 . 2011-10-22 11:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-10-21 11:46 . 2011-10-21 11:46 -------- d-----w- c:\windows\LastGood
2011-10-21 11:46 . 2011-10-21 11:46 -------- d-----w- c:\documents and settings\Bryan Wyatt\Application Data\Malwarebytes
2011-10-21 11:45 . 2011-10-21 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-21 11:45 . 2011-10-21 11:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 11:45 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 11:44 . 2011-10-21 11:44 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{085967B5-2916-40C9-B4CC-AB34E8B741EB}\MpKsl23f6a10b.sys
2011-10-21 11:44 . 2011-10-21 11:44 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{085967B5-2916-40C9-B4CC-AB34E8B741EB}\offreg.dll
2011-10-21 11:42 . 2011-10-21 11:42 602112 ----a-w- c:\windows\system32\SETC5.tmp
2011-10-21 03:47 . 2011-09-12 20:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-21 03:46 . 2011-10-07 00:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{085967B5-2916-40C9-B4CC-AB34E8B741EB}\mpengine.dll
2011-10-21 03:45 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-21 03:42 . 2011-10-21 03:42 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-21 03:09 . 2011-10-21 03:09 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-21 01:52 . 2011-10-21 03:03 -------- d-s---w- c:\documents and settings\Administrator
2011-10-18 00:12 . 2011-08-22 23:48 55296 ----a-w- c:\windows\system32\SETC4.tmp
2011-10-18 00:11 . 2011-08-22 23:48 105984 ----a-w- c:\windows\system32\SETBF.tmp
2011-10-18 00:11 . 2011-08-22 23:48 916480 ----a-w- c:\windows\system32\SETBD.tmp
2011-10-18 00:11 . 2011-08-22 23:48 1212416 ----a-w- c:\windows\system32\SETBE.tmp
2011-10-18 00:11 . 2011-10-03 08:35 5971456 ----a-w- c:\windows\system32\SETC3.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 11:56 . 2009-11-06 16:26 385024 ----a-w- c:\windows\system32\html.iec
2011-04-14 18:01 . 2010-06-10 17:30 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2009-08-11 27184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-03 1557800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 15:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Vodacom 3G Mobile Internet\\Vodacom 3G USB Modem\\Vodacom 3G Mobile Internet.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 MpKsl23f6a10b;MpKsl23f6a10b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{085967B5-2916-40C9-B4CC-AB34E8B741EB}\MpKsl23f6a10b.sys [10/21/2011 7:44 AM 28752]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [11/6/2009 12:27 PM 107016]
R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [11/6/2009 3:36 PM 240160]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11/6/2009 12:27 PM 45056]
R4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/4/2010 1:51 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/6/2009 3:14 PM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/4/2010 1:51 PM 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [7/6/2010 9:05 AM 100736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [11/6/2009 3:09 PM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSL23F6A10B
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 17:51]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 17:51]
.
2011-10-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph06103335l0404wu25r4402624p
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph06103335l0404wu25r4402624p
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Bryan Wyatt\Application Data\Mozilla\Firefox\Profiles\fzfc62jg.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: bug489729: bug489729@alice0775 - %profile%\extensions\bug489729@alice0775
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: oldbar: {46868735-c3fa-47ce-8ce7-cce51a66aceb} - %profile%\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
FF - Ext: arcadeox: nparcadeox@nparcadeox.com - %profile%\extensions\nparcadeox@nparcadeox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 09:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'winlogon.exe'(2040)
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-10-22 09:34:34
ComboFix-quarantined-files.txt 2011-10-22 13:34
.
Pre-Run: 118,512,820,224 bytes free
Post-Run: 120,278,765,568 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 318E91CE714697DEF05D0276966A7AE9

#7 BryanEW710


Posted 22 October 2011 - 08:42 AM

One note...even after ComboFix, iexplore.exe starts running on its own in the Task Manager, even though no IE window is visible.

#8 gringo_pr


Posted 22 October 2011 - 12:16 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 BryanEW710


Posted 22 October 2011 - 01:03 PM

I'm having the same problem with TDSSKiller as before: when I try to run it, I double-click, tell it to run when the warning comes up...and nothing happens. Nothing in the Task Manager, no windows...nothing.

#10 gringo_pr


Posted 22 October 2011 - 01:56 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#11 BryanEW710

Posted 22 October 2011 - 02:10 PM

The program ran for only a second (literally) and then prompted me to restart. Once it did, it prompted me to run the TDSS Fix Tool. When it did, the result was

***Infected MBR Detected


When I ran TDSSKiller, it came back with no threats found. I will post the report in my next post.

15:07:42.0859 4040 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
15:07:43.0203 4040 ============================================================
15:07:43.0203 4040 Current date / time: 2011/10/22 15:07:43.0203
15:07:43.0203 4040 SystemInfo:
15:07:43.0203 4040
15:07:43.0203 4040 OS Version: 5.1.2600 ServicePack: 3.0
15:07:43.0203 4040 Product type: Workstation
15:07:43.0203 4040 ComputerName: NETBOOK
15:07:43.0203 4040 UserName: Bryan Wyatt
15:07:43.0203 4040 Windows directory: C:\WINDOWS
15:07:43.0203 4040 System windows directory: C:\WINDOWS
15:07:43.0203 4040 Processor architecture: Intel x86
15:07:43.0203 4040 Number of processors: 2
15:07:43.0203 4040 Page size: 0x1000
15:07:43.0203 4040 Boot type: Normal boot
15:07:43.0203 4040 ============================================================
15:07:43.0703 4040 Initialize success
15:07:45.0750 0576 ============================================================
15:07:45.0750 0576 Scan started
15:07:45.0750 0576 Mode: Manual;
15:07:45.0750 0576 ============================================================
15:07:59.0312 0576 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:07:59.0343 0576 \Device\Harddisk0\DR0 - ok
15:07:59.0359 0576 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR3
15:07:59.0375 0576 \Device\Harddisk1\DR3 - ok
15:07:59.0390 0576 Boot (0x1200) (19eb67440491af5452938b714f48df4f) \Device\Harddisk0\DR0\Partition0
15:07:59.0390 0576 \Device\Harddisk0\DR0\Partition0 - ok
15:07:59.0406 0576 Boot (0x1200) (bdc2963af0ac7d61c82f2689c82ed9f3) \Device\Harddisk1\DR3\Partition0
15:07:59.0406 0576 \Device\Harddisk1\DR3\Partition0 - ok
15:07:59.0421 0576 ============================================================
15:07:59.0421 0576 Scan finished
15:07:59.0421 0576 ============================================================
15:07:59.0453 0388 Detected object count: 0
15:07:59.0453 0388 Actual detected object count: 0
15:08:47.0093 3196 ============================================================
15:08:47.0093 3196 Scan started
15:08:47.0093 3196 Mode: Manual; SigCheck; TDLFS;
15:08:47.0093 3196 ============================================================
15:09:02.0484 3196 Flpydisk - ok
15:09:02.0515 3196 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:09:02.0750 3196 FltMgr - ok
15:09:02.0921 3196 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:09:03.0125 3196 Fs_Rec - ok
15:09:03.0218 3196 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:09:03.0453 3196 Ftdisk - ok
15:09:03.0484 3196 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:09:03.0718 3196 Gpc - ok
15:09:03.0843 3196 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:09:04.0046 3196 HDAudBus - ok
15:09:04.0140 3196 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:09:04.0343 3196 HidUsb - ok
15:09:04.0421 3196 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:09:04.0656 3196 hpn - ok
15:09:04.0703 3196 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:09:04.0765 3196 HTTP - ok
15:09:04.0890 3196 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
15:09:05.0000 3196 hwdatacard - ok
15:09:05.0156 3196 hwusbdev (60726cb5f063fb25f8b6b71df34fa1d8) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
15:09:05.0171 3196 hwusbdev - ok
15:09:05.0218 3196 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:09:05.0437 3196 i2omgmt - ok
15:09:05.0468 3196 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:09:05.0703 3196 i2omp - ok
15:09:05.0750 3196 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:09:05.0937 3196 i8042prt - ok
15:09:06.0328 3196 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:09:06.0765 3196 ialm - ok
15:09:06.0906 3196 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
15:09:06.0937 3196 iaStor - ok
15:09:06.0984 3196 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:09:07.0203 3196 Imapi - ok
15:09:07.0250 3196 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:09:07.0484 3196 ini910u - ok
15:09:07.0781 3196 IntcAzAudAddService (3fa02c6e3e9ebe8523a2d4e51d0ece1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:09:08.0203 3196 IntcAzAudAddService - ok
15:09:08.0343 3196 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:09:08.0546 3196 IntelIde - ok
15:09:08.0640 3196 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:09:08.0859 3196 intelppm - ok
15:09:08.0921 3196 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:09:09.0140 3196 Ip6Fw - ok
15:09:09.0312 3196 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:09:09.0515 3196 IpFilterDriver - ok
15:09:09.0531 3196 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:09:09.0765 3196 IpInIp - ok
15:09:09.0828 3196 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:09:10.0093 3196 IpNat - ok
15:09:10.0218 3196 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:09:10.0437 3196 IPSec - ok
15:09:10.0453 3196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:09:10.0531 3196 IRENUM - ok
15:09:10.0562 3196 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:09:10.0750 3196 isapnp - ok
15:09:10.0796 3196 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:09:11.0015 3196 Kbdclass - ok
15:09:11.0156 3196 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:09:11.0343 3196 kmixer - ok
15:09:11.0421 3196 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:09:11.0453 3196 KSecDD - ok
15:09:11.0500 3196 L1c (573337205057e22e13da1ffbc66a8aaf) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
15:09:11.0546 3196 L1c - ok
15:09:11.0640 3196 lbrtfdc - ok
15:09:11.0718 3196 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:09:11.0937 3196 mnmdd - ok
15:09:12.0125 3196 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:09:12.0343 3196 Modem - ok
15:09:12.0484 3196 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
15:09:12.0734 3196 Monfilt - ok
15:09:12.0937 3196 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:09:13.0125 3196 Mouclass - ok
15:09:13.0171 3196 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:09:13.0390 3196 mouhid - ok
15:09:13.0437 3196 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:09:13.0640 3196 MountMgr - ok
15:09:13.0828 3196 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:09:13.0859 3196 MpFilter - ok
15:09:13.0890 3196 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:09:14.0109 3196 mraid35x - ok
15:09:14.0125 3196 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:09:14.0343 3196 MRxDAV - ok
15:09:14.0453 3196 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:09:14.0531 3196 MRxSmb - ok
15:09:14.0687 3196 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:09:14.0890 3196 Msfs - ok
15:09:14.0921 3196 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:09:15.0156 3196 MSKSSRV - ok
15:09:15.0203 3196 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:09:15.0421 3196 MSPCLOCK - ok
15:09:15.0562 3196 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:09:15.0765 3196 MSPQM - ok
15:09:15.0796 3196 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:09:16.0015 3196 mssmbios - ok
15:09:16.0046 3196 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:09:16.0265 3196 MSTEE - ok
15:09:16.0343 3196 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:09:16.0375 3196 Mup - ok
15:09:16.0500 3196 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:09:16.0718 3196 NABTSFEC - ok
15:09:16.0843 3196 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:09:17.0109 3196 NDIS - ok
15:09:17.0140 3196 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:09:17.0343 3196 NdisIP - ok
15:09:17.0578 3196 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:09:17.0640 3196 NdisTapi - ok
15:09:17.0687 3196 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:09:17.0875 3196 Ndisuio - ok
15:09:17.0937 3196 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:09:18.0140 3196 NdisWan - ok
15:09:18.0328 3196 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:09:18.0390 3196 NDProxy - ok
15:09:18.0421 3196 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:09:18.0625 3196 NetBIOS - ok
15:09:18.0750 3196 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:09:19.0015 3196 NetBT - ok
15:09:19.0203 3196 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:09:19.0406 3196 Npfs - ok
15:09:19.0468 3196 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:09:19.0687 3196 Ntfs - ok
15:09:19.0812 3196 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:09:20.0015 3196 Null - ok
15:09:20.0062 3196 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:09:20.0250 3196 NwlnkFlt - ok
15:09:20.0312 3196 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:09:20.0515 3196 NwlnkFwd - ok
15:09:20.0562 3196 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
15:09:20.0750 3196 Parport - ok
15:09:20.0890 3196 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:09:21.0078 3196 PartMgr - ok
15:09:21.0125 3196 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:09:21.0328 3196 ParVdm - ok
15:09:21.0343 3196 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:09:21.0625 3196 PCI - ok
15:09:21.0640 3196 PCIDump - ok
15:09:21.0656 3196 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:09:21.0843 3196 PCIIde - ok
15:09:21.0890 3196 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:09:22.0093 3196 Pcmcia - ok
15:09:22.0203 3196 PDCOMP - ok
15:09:22.0218 3196 PDFRAME - ok
15:09:22.0234 3196 PDRELI - ok
15:09:22.0250 3196 PDRFRAME - ok
15:09:22.0296 3196 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:09:22.0500 3196 perc2 - ok
15:09:22.0609 3196 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:09:22.0812 3196 perc2hib - ok
15:09:22.0890 3196 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:09:23.0093 3196 PptpMiniport - ok
15:09:23.0109 3196 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:09:23.0343 3196 PSched - ok
15:09:23.0359 3196 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:09:23.0531 3196 Ptilink - ok
15:09:23.0609 3196 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:09:23.0812 3196 ql1080 - ok
15:09:23.0921 3196 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:09:24.0140 3196 Ql10wnt - ok
15:09:24.0218 3196 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:09:24.0406 3196 ql12160 - ok
15:09:24.0453 3196 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:09:24.0656 3196 ql1240 - ok
15:09:24.0671 3196 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:09:24.0859 3196 ql1280 - ok
15:09:24.0890 3196 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:09:25.0078 3196 RasAcd - ok
15:09:25.0234 3196 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:09:25.0437 3196 Rasl2tp - ok
15:09:25.0453 3196 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:09:25.0640 3196 RasPppoe - ok
15:09:25.0656 3196 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:09:25.0890 3196 Raspti - ok
15:09:25.0921 3196 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:09:26.0140 3196 Rdbss - ok
15:09:26.0328 3196 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:09:26.0531 3196 RDPCDD - ok
15:09:26.0625 3196 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:09:26.0859 3196 rdpdr - ok
15:09:26.0953 3196 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:09:27.0156 3196 RDPWD - ok
15:09:27.0312 3196 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:09:27.0500 3196 redbook - ok
15:09:27.0562 3196 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
15:09:27.0625 3196 RSUSBSTOR - ok
15:09:27.0640 3196 Rts516xIR - ok
15:09:27.0703 3196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:09:27.0796 3196 Secdrv - ok
15:09:27.0921 3196 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:09:28.0109 3196 Serial - ok
15:09:28.0203 3196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:09:28.0421 3196 Sfloppy - ok
15:09:28.0453 3196 Simbad - ok
15:09:28.0484 3196 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:09:28.0687 3196 sisagp - ok
15:09:28.0812 3196 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:09:29.0031 3196 SLIP - ok
15:09:29.0187 3196 SNP2UVC (59c9b920a1767cb857c5fb2e1e66e7e4) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
15:09:29.0359 3196 SNP2UVC - ok
15:09:29.0484 3196 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:09:29.0656 3196 Sparrow - ok
15:09:29.0687 3196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:09:29.0875 3196 splitter - ok
15:09:30.0015 3196 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:09:30.0093 3196 sr - ok
15:09:30.0140 3196 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:09:30.0218 3196 Srv - ok
15:09:30.0343 3196 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:09:30.0546 3196 streamip - ok
15:09:30.0640 3196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:09:30.0843 3196 swenum - ok
15:09:30.0906 3196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:09:31.0093 3196 swmidi - ok
15:09:31.0234 3196 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:09:31.0437 3196 symc810 - ok
15:09:31.0453 3196 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:09:31.0640 3196 symc8xx - ok
15:09:31.0718 3196 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:09:31.0921 3196 sym_hi - ok
15:09:32.0015 3196 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:09:32.0203 3196 sym_u3 - ok
15:09:32.0343 3196 SynTP (e09c6ae9f84b5985979046e0a5896584) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:09:32.0359 3196 SynTP - ok
15:09:32.0390 3196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:09:32.0625 3196 sysaudio - ok
15:09:32.0703 3196 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:09:32.0812 3196 Tcpip - ok
15:09:32.0953 3196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:09:33.0234 3196 TDPIPE - ok
15:09:33.0281 3196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:09:33.0593 3196 TDTCP - ok
15:09:33.0625 3196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:09:33.0812 3196 TermDD - ok
15:09:33.0906 3196 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:09:34.0093 3196 TosIde - ok
15:09:34.0234 3196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:09:34.0437 3196 Udfs - ok
15:09:34.0453 3196 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:09:34.0531 3196 ultra - ok
15:09:34.0578 3196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:09:34.0812 3196 Update - ok
15:09:34.0953 3196 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:09:35.0140 3196 usbccgp - ok
15:09:35.0156 3196 USBCCID - ok
15:09:35.0234 3196 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:09:35.0421 3196 usbehci - ok
15:09:35.0437 3196 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:09:35.0640 3196 usbhub - ok
15:09:35.0718 3196 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:09:35.0921 3196 usbscan - ok
15:09:36.0125 3196 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:09:36.0328 3196 USBSTOR - ok
15:09:36.0421 3196 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:09:36.0609 3196 usbuhci - ok
15:09:36.0656 3196 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:09:36.0859 3196 usbvideo - ok
15:09:37.0031 3196 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:09:37.0234 3196 VgaSave - ok
15:09:37.0312 3196 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:09:37.0515 3196 viaagp - ok
15:09:37.0531 3196 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:09:37.0734 3196 ViaIde - ok
15:09:37.0937 3196 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:09:38.0125 3196 VolSnap - ok
15:09:38.0218 3196 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:09:38.0390 3196 Wanarp - ok
15:09:38.0468 3196 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:09:38.0500 3196 Wdf01000 - ok
15:09:38.0593 3196 WDICA - ok
15:09:38.0640 3196 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:09:38.0843 3196 wdmaud - ok
15:09:38.0906 3196 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:09:39.0125 3196 WmiAcpi - ok
15:09:39.0218 3196 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:09:39.0406 3196 WSTCODEC - ok
15:09:39.0468 3196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:09:39.0546 3196 \Device\Harddisk0\DR0 - ok
15:09:39.0546 3196 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR3
15:09:39.0703 3196 \Device\Harddisk1\DR3 - ok
15:09:39.0718 3196 Boot (0x1200) (19eb67440491af5452938b714f48df4f) \Device\Harddisk0\DR0\Partition0
15:09:39.0718 3196 \Device\Harddisk0\DR0\Partition0 - ok
15:09:39.0718 3196 Boot (0x1200) (bdc2963af0ac7d61c82f2689c82ed9f3) \Device\Harddisk1\DR3\Partition0
15:09:39.0734 3196 \Device\Harddisk1\DR3\Partition0 - ok
15:09:39.0734 3196 ============================================================
15:09:39.0734 3196 Scan finished
15:09:39.0734 3196 ============================================================
15:09:39.0859 3200 Detected object count: 0
15:09:39.0859 3200 Actual detected object count: 0

#12 gringo_pr

Posted 22 October 2011 - 02:53 PM

How are things running at this time?


gringo

#13 BryanEW710

Posted 22 October 2011 - 03:20 PM

I'm not getting any more redirects from Google search results, which is great. iexplore.exe is no longer in my tasklist. I still have some Windows Updates to process, so I'm going to try that.

For now, the only immediate problem that I see is that my Show Desktop quick launch icon seems to be missing. I also noticed that I'm getting a warning every time I try to move, update, or rename a file.

Edited by BryanEW710, 22 October 2011 - 03:25 PM.


#14 gringo_pr

Posted 22 October 2011 - 08:32 PM

These logs are looking a lot better. But we still have some work to do.


Show desktop icon - http://support.microsoft.com/kb/190355

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.5 MUI

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running Hijackthis.

Sometimes we have to run it like this: to run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 22 October 2011 - 08:33 PM.


#15 BryanEW710

Posted 23 October 2011 - 12:08 AM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8003

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/23/2011 1:00:30 AM
mbam-log-2011-10-23 (01-00-30).txt

Scan type: Quick scan
Objects scanned: 183272
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:03:46 AM, on 10/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph06103335l0404wu25r4402624p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph06103335l0404wu25r4402624p
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
O4 - HKLM\..\Run: [snuvcdsm] C:\WINDOWS\snuvcdsm.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276101183062
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Updater Service - Acer - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

--
End of file - 6824 bytes

I have had no problems to report. The computer seems to be running normally. Only "issues" are that once TFC ran, some of my taskbar icons (like MS Security Essentials) are not present--the processes are running, however, so I'm guessing after a reboot, things will look fine. Also, I just updated the MBAM install I had put in earlier. Is that OK?



