
cannot acquire IP address (no internet) after zeroaccess removal


  • This topic is locked
45 replies to this topic

#1 John Jackhammers

  • Members
  • 26 posts

Posted 29 October 2011 - 03:22 PM

I think the rootkit is gone for now, but the network won't acquire the IP address. If I manually set the IP address, it will not register DNS properly; however, the internal file sharing network works using this method, but not the internet access. I've tried running the Network Diagnostic tool, and NetShell utilities to reset the TCP/IP stack and Winsock, but the same problem still exists. I even tried the repair install. I'm guessing the removal of the rootkit did something to the registry that prevents the IP from being assigned automatically. As you can see in the log, I've used many tools to try to fix it. I've seen a similar situation on this forum before.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Administrator at 15:52:05 on 2011-10-29
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.397 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\nettransport 2\NXIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: NTIECatcher Class: {c56cb6b0-0d96-11d6-8c65-b2868b609932} - c:\program files\nettransport 2\NTIEHelper.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\nettransport 2\NXToolBar.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {147D6308-0614-4112-89B1-31402F9B82C4} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download all by Net Transport - c:\program files\nettransport 2\NTAddList.html
IE: Download all by NetXfer - c:\program files\nettransport 2\NXAddList.html
IE: Download by Net Transport - c:\program files\nettransport 2\NTAddLink.html
IE: Download by NetXfer - c:\program files\nettransport 2\NXAddLink.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
TCP: Interfaces\{96EFF690-8114-4793-8964-25E91A3FD89F} : NameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\Administrator\application data\mozilla\firefox\profiles\ilqvezub.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\Administrator\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\windows media components\real alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\windows media components\real alternative\browser\plugins\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2011-6-22 3026]
R1 SASDIFSV;SASDIFSV;c:\docume~1\Administrator\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\docume~1\Administrator\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2011-7-12 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-2-10 266240]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [2007-3-31 166504]
S0 60409771;60409771;c:\windows\system32\drivers\33845471.sys --> c:\windows\system32\drivers\33845471.sys [?]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [2011-6-11 516480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-6 2255464]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?]
S2 WBA_Agent_Client_Service;Brother BRAgent Service;c:\program files\brother\web bradmin\cgi-bin\wbaagent.exe --> c:\program files\brother\web bradmin\cgi-bin\wbaagent.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 0f458;0f458;c:\windows\system32\0f458.sys [2010-7-2 54624]
S3 AdWatchDrv;AW Realtime Driver;c:\windows\system32\drivers\AWRTPD.sys [2007-6-4 6272]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Administrator\locals~1\temp\aswarkrn.sys --> c:\docume~1\Administrator\locals~1\temp\aswArKrn.sys [?]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [2011-6-11 11648]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-9-7 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2008-8-1 87424]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-12-20 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-12-20 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-5-22 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-5-22 23680]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-8-15 23296]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 QCAbsee;Logitech QuickCam Web (0801);c:\windows\system32\drivers\OVCA.sys [2011-3-12 25088]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wfdtv\WFIOCTL.SYS [2009-11-16 9446]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-29 19:00:30 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-10-29 19:00:30 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-10-29 19:00:25 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-10-29 19:00:12 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2011-10-29 19:00:09 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2011-10-29 19:00:09 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2011-10-29 19:00:09 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2011-10-29 19:00:07 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
2011-10-29 19:00:07 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys
2011-10-29 19:00:07 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys
2011-10-29 19:00:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2011-10-29 18:58:53 111104 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2011-10-29 18:58:31 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2011-10-29 18:58:31 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2011-10-29 18:58:31 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-10-29 18:58:14 18432 -c--a-w- c:\windows\system32\dllcache\jupiw.dll
2011-10-29 18:58:10 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2011-10-29 18:58:07 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2011-10-29 18:56:20 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2011-10-29 18:53:52 -------- d-----w- c:\program files\Online Services
2011-10-29 18:53:39 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-10-29 18:53:39 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-10-29 18:51:14 -------- d-----w- c:\windows\system32\Cache
2011-10-29 18:50:33 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-10-29 14:07:20 -------- d-----w- c:\program files\Analog Devices
2011-10-29 13:50:42 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-10-29 13:50:42 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-10-29 13:50:42 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-10-29 13:50:42 13312 ----a-w- c:\windows\system32\irclass.dll
2011-10-29 13:49:56 13753 ----a-r- c:\windows\SETAB.tmp
2011-10-29 13:49:53 1086058 ----a-r- c:\windows\SET9F.tmp
2011-10-29 13:49:51 1042903 ----a-r- c:\windows\SET9C.tmp
2011-10-29 09:31:22 -------- d-----w- c:\windows\Drivers
2011-10-29 09:31:22 -------- d-----w- c:\windows\dell
2011-10-29 05:59:22 -------- d-s---w- C:\Uninstall
2011-10-28 17:35:30 -------- d-----w- c:\windows\system32\CatRoot2
2011-10-24 01:14:05 -------- d-----w- c:\documents and settings\Administrator\application data\DriverCure
2011-10-24 01:14:04 -------- d-----w- c:\documents and settings\Administrator\application data\ParetoLogic
2011-10-24 01:13:44 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2011-10-22 14:29:20 -------- d-sh--w- C:\found.000
2011-10-22 11:22:21 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2011-10-22 11:14:32 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-10-22 10:50:02 -------- d-----w- c:\program files\PCSAFEDOCTOR
2011-10-22 01:11:20 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-10-21 14:22:08 -------- d-----w- c:\windows\SYSWOW64
2011-10-21 14:21:21 -------- d--h--w- c:\program files\WindowsUpdate
2011-10-21 13:04:56 290304 ----a-w- C:\subinacl.exe
2011-10-16 12:09:05 -------- d-----w- c:\documents and settings\Administrator\local settings\application data\NPE
2011-10-16 12:09:05 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-10-16 02:29:49 -------- d-----w- c:\windows\setup.pss
2011-10-15 23:16:55 58880 ----a-w- c:\windows\system32\takeown.exe
2011-10-15 23:10:41 24576 ----a-w- c:\windows\system32\FoolishEventLogMsgHelper.dll
2011-10-15 15:11:34 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-15 14:59:54 0 ----a-w- c:\windows\system32\REN14.tmp
2011-10-15 14:59:54 0 ----a-w- c:\windows\system32\REN13.tmp
2011-10-15 14:59:54 0 ----a-w- c:\windows\system32\REN12.tmp
2011-10-14 20:51:22 -------- d-----w- c:\program files\Sophos
2011-10-13 03:45:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-13 03:45:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-10 19:57:05 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2011-10-10 16:14:21 -------- d-sh--w- c:\documents and settings\Administrator\local settings\application data\0631b7d3
.
==================== Find3M ====================
.
2011-09-25 17:16:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 20:31:48 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-09-06 20:31:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-09-06 20:31:45 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 11:49:00 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:49:00 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:49:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49:00 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49:00 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49:00 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49:00 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49:00 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49:00 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49:00 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49:00 145000 ----a-w- c:\windows\system32\nvcolor.exe
.
============= FINISH: 15:56:14.32 ===============



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,731 posts

Posted 03 November 2011 - 03:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425571 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Farbar

    Just Curious

  • Security Developer
  • 21,716 posts
  • Location: The Netherlands

Posted 04 November 2011 - 06:10 AM

Hello John Jackhammers,

Apologies for the delay.

Before I ask you to run some tools and post the logs, please update me on the current condition of your computer and the issue you are currently facing.

#4 John Jackhammers

  • Topic Starter

  • Members
  • 26 posts

Posted 04 November 2011 - 07:56 PM

Farbar,

Thanks for the reply. Mid-October, I've removed a rootkit that seemed to be blocking internet access by running a mix of many malware removal tools. One of them indicated it was a variant of zeroaccess I think. The internet connection could not be restored after the removal. I've tried manually assigning IP address, but that will only help with the local network access -- still no internet access. I've tried resetting the tcp/ip using the built in netshell commands, but this did not have much of an effect. The IP address on ipconfig /all reads 0.0.0.0.
I've read that I should try a repair install with the windows CD, but that only made matters worse as it reset many of my customized settings.

After the repair install, there is still no internet/network connection. I've tried updating the drivers and using a USB wireless adapter, but it still would not connect.
Right now, with many of the settings changed from the repair install, Microsoft Feeds Synchronization gives a message about needing to close itself every few minutes, and opening media files will result in a blue screen error. This was not the case before the repair install.

Also, when trying to resolve the problem I've looked at the startup list with (msconfig) and saw a blank entry in safe mode and decided to uncheck it, but now the modified startup alert pops up every time I boot up and I cannot find the entry I disabled.

I suspect it's something that was changed in the registry.

Attached are the logs requested by the bot.


#5 Farbar

    Just Curious

  • Security Developer
  • 21,716 posts
  • Location: The Netherlands

Posted 05 November 2011 - 07:27 AM

John Jackhammers,

Thanks for the feedback.

By now you know that the repair install was a mistake. We could have recovered the internet connection much more easily than making the system function normally. In order to help both of us, please refrain from making any changes on your own from now on until we are done.

Please do the steps in the order they are written and give me feedback about whether you could perform them.

Also please copy and paste the logs to your reply. Please attach the log if any log is too big or requested to be attached.

  • Turn off Windows automatic updates as it might lead to unexpected results at this stage, even leaving the system unbootable:
    • Go to start -> Control Panel -> double-click System to open it.
    • Go to the Automatic Updates tab.
    • Select the "Turn off Automatic Updates" box.
    • Click Apply and then OK.
    • Important: Reboot.
  • Please tell me if "Microsoft Feeds Synchronization" error appears even when you are not opening Internet Explorer.
  • Go to Add/Remove programs in Control Panel and uninstall Spybot S&D. You may install it again when we are done.
  • I will send you a link via PM (Private Message). Run the tool and post the log please.
  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

    Please post the log even if it didn't detect anything.


#6 John Jackhammers

  • Topic Starter

  • Members
  • 26 posts

Posted 05 November 2011 - 08:31 AM

Thanks.

Yes, sadly the repair install was a big mistake. Since I tried the install with an SP2 CD, it also brought the version down from a SP3. I wanted to avoid posting on public forums, and since hearing that the repair install was an option, I wanted to try it. If only there was a way to undo it. Rest assured, I won't be making any changes to it because I'm using a different spare computer right now.

1. Done and rebooted.
2. Yes, this appears during startup (without Internet Explorer) and a new one appears every few minutes. There's also a SPI error that appears. These began appearing only after the repair install.
3. Done and rebooted.
4. Done and attached.
5. I've run this tool before the repair install. I remember it detected a different unrelated malware. But this recent log produced no results. I've attached all of the past logs of the tool, along with the most recent log.

Farbar Servic Scanner
Ran by Administrator (administrator) on 05-11-2011 at 09:07:20
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************
========================= Internet Connection Services: =======================

DHCP Service is not running. Checking service configuration:

afd Service is not running. Checking service configuration:
The ImagePath of afd: "system32\drivers\tsk4.tmp".

File Check:
===========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-12 08:18] - [2004-08-12 08:18] - 0111104 ____A (Microsoft Corporation) CB6CA3E5261D65F6F809EED23BF167AA

C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-12 08:17] - [2004-08-12 08:17] - 0138496 ____A (Microsoft Corporation) 5AC495F4CB807B2B98AD2AD591E6D92E



**** End of log ****

09:20:36.0968 0624 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
09:20:37.0000 0624 ============================================================
09:20:37.0000 0624 Current date / time: 2011/11/05 09:20:37.0000
09:20:37.0000 0624 SystemInfo:
09:20:37.0000 0624
09:20:37.0000 0624 OS Version: 5.1.2600 ServicePack: 2.0
09:20:37.0000 0624 Product type: Workstation
09:20:37.0000 0624 ComputerName: HOME
09:20:37.0000 0624 UserName: Administrator
09:20:37.0000 0624 Windows directory: C:\WINDOWS
09:20:37.0000 0624 System windows directory: C:\WINDOWS
09:20:37.0000 0624 Processor architecture: Intel x86
09:20:37.0000 0624 Number of processors: 2
09:20:37.0000 0624 Page size: 0x1000
09:20:37.0000 0624 Boot type: Normal boot
09:20:37.0000 0624 ============================================================
09:20:37.0359 0624 Initialize success
09:20:48.0687 3120 ============================================================
09:20:48.0687 3120 Scan started
09:20:48.0687 3120 Mode: Manual;
09:20:48.0687 3120 ============================================================
09:21:02.0312 3120 TosIde - ok
09:21:02.0375 3120 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
09:21:02.0375 3120 tunmp - ok
09:21:02.0437 3120 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
09:21:02.0437 3120 Udfs - ok
09:21:02.0484 3120 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:21:02.0484 3120 ultra - ok
09:21:02.0546 3120 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
09:21:02.0546 3120 Update - ok
09:21:02.0609 3120 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
09:21:02.0609 3120 usbaudio - ok
09:21:02.0671 3120 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
09:21:02.0671 3120 usbbus - ok
09:21:02.0734 3120 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:21:02.0734 3120 usbccgp - ok
09:21:02.0781 3120 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
09:21:02.0781 3120 UsbDiag - ok
09:21:02.0843 3120 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:21:02.0843 3120 usbehci - ok
09:21:02.0890 3120 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:21:02.0906 3120 usbhub - ok
09:21:02.0953 3120 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
09:21:02.0953 3120 USBModem - ok
09:21:03.0015 3120 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:21:03.0015 3120 usbprint - ok
09:21:03.0031 3120 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:21:03.0046 3120 usbscan - ok
09:21:03.0109 3120 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
09:21:03.0109 3120 usbser - ok
09:21:03.0156 3120 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
09:21:03.0156 3120 usbsermpt - ok
09:21:03.0187 3120 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:21:03.0187 3120 USBSTOR - ok
09:21:03.0250 3120 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:21:03.0250 3120 usbuhci - ok
09:21:03.0312 3120 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
09:21:03.0312 3120 VgaSave - ok
09:21:03.0359 3120 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:21:03.0359 3120 viaagp - ok
09:21:03.0421 3120 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:21:03.0421 3120 ViaIde - ok
09:21:03.0484 3120 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
09:21:03.0484 3120 VolSnap - ok
09:21:03.0562 3120 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:21:03.0562 3120 Wanarp - ok
09:21:03.0625 3120 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:21:03.0640 3120 Wdf01000 - ok
09:21:03.0656 3120 WDICA - ok
09:21:03.0703 3120 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
09:21:03.0703 3120 wdmaud - ok
09:21:03.0843 3120 WFIOCTL (9bc98a4e3401d52ed860cf883ccb7478) C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
09:21:03.0859 3120 WFIOCTL - ok
09:21:03.0906 3120 WIBUKEY (09ebc00530cc3493df55219d0da5e03a) C:\WINDOWS\system32\DRIVERS\Wibukey.sys
09:21:03.0906 3120 WIBUKEY - ok
09:21:03.0984 3120 WinDriver6 (451f905bc7bff9e1cff2e7ae76196b2c) C:\WINDOWS\system32\drivers\windrvr6.sys
09:21:03.0984 3120 WinDriver6 - ok
09:21:04.0109 3120 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:21:04.0109 3120 WpdUsb - ok
09:21:04.0187 3120 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:21:04.0187 3120 WSTCODEC - ok
09:21:04.0250 3120 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:21:04.0250 3120 WudfPf - ok
09:21:04.0281 3120 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:21:04.0281 3120 WudfRd - ok
09:21:04.0328 3120 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
09:21:04.0468 3120 \Device\Harddisk0\DR0 - ok
09:21:04.0484 3120 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR6
09:21:04.0500 3120 \Device\Harddisk1\DR6 - ok
09:21:04.0515 3120 Boot (0x1200) (14a116ead347d91f8b84a1a2e54f9656) \Device\Harddisk0\DR0\Partition0
09:21:04.0515 3120 \Device\Harddisk0\DR0\Partition0 - ok
09:21:04.0515 3120 Boot (0x1200) (6b157f263917768919a996bfd5ed9076) \Device\Harddisk1\DR6\Partition0
09:21:04.0515 3120 \Device\Harddisk1\DR6\Partition0 - ok
09:21:04.0515 3120 ============================================================
09:21:04.0515 3120 Scan finished
09:21:04.0515 3120 ============================================================
09:21:04.0531 3260 Detected object count: 0
09:21:04.0531 3260 Actual detected object count: 0
09:21:17.0859 3144 Deinitialize success

Edited by farbar, 05 November 2011 - 08:46 AM.
Edited to open the logs.


#7 Farbar

Posted 05 November 2011 - 08:40 AM

Please, before we proceed, I would like to make sure you read all of my post.

Also, please copy and paste the logs to your reply. Please attach the log if any log is too big or requested to be attached.

It really makes my job much easier to scroll through the log.

Also please don't post any other log or result unless requested.

Thanks for understanding. :)

#8 John Jackhammers

Posted 05 November 2011 - 09:37 AM

Okay, noted. Will note in the future.

#9 Farbar

Posted 05 November 2011 - 09:44 AM

Thank you. :)

We will approach this step by step. If you remain online, I have about one hour now to do a couple of things before I go out for today.

Please download and transfer it to the infected computer.
Double-click and confirm to allow it to merge.
Reboot the computer. Use Firefox and see if you have connection.

Edited by farbar, 05 November 2011 - 09:45 AM.
Typo


#10 John Jackhammers

Posted 05 November 2011 - 03:28 PM

Farbar,

Thanks. There seems to be a connection now.
What else am I supposed to do now?

#11 Farbar

Posted 05 November 2011 - 06:50 PM

Great. :thumbsup:

We still have some work to do.

We are going to turn off some of the errors by disabling some programs. We will enable them later on.

  • Please download
    Double-click it and confirm.
  • Restart. Please tell me if you see any difference. We will fix one of the errors next round.
  • We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
    Unzip it and put junction.exe in the Windows directory (C:\Windows). No need to run it.
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&echo.End of Scan >>log.txt&log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.


#12 John Jackhammers

Posted 05 November 2011 - 10:03 PM

1. Done
2. Not much difference (same feeds sync and spi errors, and the msconfig notice), except there seems to be an extra msfeedssync.exe 0x77d4bbcd error.
3.


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


.\\?\c:\\WINDOWS\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

.\\?\c:\\WINDOWS\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

.\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492

\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5

..End of Scan

#13 Farbar

Posted 06 November 2011 - 06:39 AM

We check the system and install Internet Explorer 7, then check the system again and at the end install SP3.

  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please Download Internet Explorer 7 and install it. Reboot and tell me if Microsoft Feeds Synchronization is gone.


#14 John Jackhammers

Posted 06 November 2011 - 03:56 PM

1. Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8098

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/6/2011 3:52:28 PM
mbam-log-2011-11-06 (15-52-28).txt

Scan type: Quick scan
Objects scanned: 242076
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2. In progress. Will do right now.

#15 John Jackhammers

Posted 06 November 2011 - 04:33 PM

2. Reboot and tell me if Microsoft Feeds Synchronization is gone.
It is gone for now.
Before I go ahead with SP3 installation, there is an SPI error, and should I disable the System Configuration Utility window with the check box?



