trojan.agent/gen-... corrupted Ghost images twice now


29 replies to this topic

#1 azdonw

Posted 23 November 2011 - 05:19 PM

This has happened to my computer twice now. I'll be surfing the Web, and all of a sudden pop-ups will show up all over, and I have to reboot. When I do, my computer does not reboot to Windows XP. When I try to reinstall an image from Norton Ghost, Ghost tries, but all images are corrupted. I then install the hard drive from my wife's PC and use Ghost to re-image my PC... back to 2010 - argh! And then, after running Avira, it finds two trojans: TR/Graftor.36491 in two places. SuperAntiSpyware finds Trojan.Agent/Gen-banload in one location. They both say they cleaned it up, but after a few months it happens again (the whole corrupted Ghost images and all). I'm tired of going back to 2010! Any help would be appreciated.


#2 cryptodan

Posted 01 December 2011 - 06:41 PM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program. If you want to accept it, you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger then 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 azdonw

Posted 02 December 2011 - 04:06 PM

Thanks. Here's the GMER log. I'll have to run the other later:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-02 09:36:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000006c WDC_WD3200AAKS-00V1A0 rev.05.01D05
Running: w33pbzr4.exe; Driver: C:\DOCUME~1\dwitt\LOCALS~1\Temp\uxldrpow.sys


---- System - GMER 1.0.15 ----

SSDT 96DB4EDC ZwClose
SSDT 96DB4E96 ZwCreateKey
SSDT 96DB4EE6 ZwCreateSection
SSDT 96DB4E8C ZwCreateThread
SSDT 96DB4E9B ZwDeleteKey
SSDT 96DB4EA5 ZwDeleteValueKey
SSDT 96DB4ED7 ZwDuplicateObject
SSDT 96DB4EAA ZwLoadKey
SSDT 96DB4E78 ZwOpenProcess
SSDT 96DB4E7D ZwOpenThread
SSDT 96DB4EB4 ZwReplaceKey
SSDT 96DB4EAF ZwRestoreKey
SSDT 96DB4EEB ZwSetContextThread
SSDT 96DB4EA0 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9AC03620]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1920] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 30F52DF0 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[4024] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 30F52DF0 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

---- EOF - GMER 1.0.15 ----

#4 cryptodan

Posted 02 December 2011 - 04:19 PM

Perform the other scans

#5 azdonw

Posted 04 December 2011 - 01:44 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8301

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/03/2011 7:41:33 PM
mbam-log-2011-12-03 (19-41-33).txt

Scan type: Full scan (C:\|)
Objects scanned: 539275
Time elapsed: 1 hour(s), 40 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/03/2011 at 11:38 PM

Application Version : 4.56.1000

Core Rules Database Version : 8012
Trace Rules Database Version: 5824

Scan type : Complete Scan
Total Scan Time : 01:10:40

Memory items scanned : 683
Memory threats detected : 0
Registry items scanned : 10210
Registry threats detected : 0
File items scanned : 38463
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\dwitt\Cookies\dwitt@apmebf[2].txt
C:\Documents and Settings\dwitt\Cookies\dwitt@questionmarket[4].txt
C:\Documents and Settings\dwitt\Cookies\dwitt@revsci[4].txt
C:\Documents and Settings\dwitt\Cookies\dwitt@adbrite[3].txt
C:\Documents and Settings\dwitt\Cookies\dwitt@invitemedia[1].txt
C:\Documents and Settings\dwitt\Cookies\dwitt@apmebf[4].txt
C:\Documents and Settings\dwitt\Cookies\dwitt@a1.interclick[3].txt
C:\Documents and Settings\dwitt\Cookies\dwitt@smartadserver[3].txt
ad.insightexpressai.com [ C:\Documents and Settings\dwitt\Application Data\Macromedia\Flash Player\#SharedObjects\LHK5NX27 ]
www.soundclick.com [ C:\Documents and Settings\dwitt\Application Data\Macromedia\Flash Player\#SharedObjects\LHK5NX27 ]

#6 azdonw

Posted 04 December 2011 - 01:48 PM

Strangely enough, while MBAM was running, my Avira Web guard saw something:
Virus or unwanted program 'EXP/CVE-2010-4452.CB [exploit]'
detected in file 'C:\Documents and Settings\dwitt\Application Data\Sun\Java\Deployment\cache\6.0\30\237a839e-254bbafe.
Action performed: Deny access

Virus or unwanted program 'EXP/CVE-2010-4452.CB [exploit]'
detected in file 'C:\Documents and Settings\dwitt\Application Data\Sun\Java\Deployment\cache\6.0\30\237a839e-63877716.
Action performed: Deny access

And then last night, Avira scan found this:
The file 'C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177616542jtun_norton_ghost_10.0_en_10_03.zip.full.zip'
contained a virus or unwanted program 'TR/Crypt.EPACK.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '592216c9.qua'.

The file 'C:\Documents and Settings\dwitt\Local Settings\Temp\jar_cache5128367479809300633.tmp'
contained a virus or unwanted program 'EXP/CVE-2010-0840.FM' [exploit]
Action(s) taken:
The file was moved to the quarantine directory under the name '41ea3abe.qua'.

#7 cryptodan

Posted 04 December 2011 - 01:49 PM

Can you please download TDSSKiller and run it, but if it asks you to fix anything please DO NOT FIX ANY ISSUES and post the log.

#8 azdonw

Posted 04 December 2011 - 02:57 PM

Thanks, Dan. Here it is:
12:55:27.0233 0980 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
12:55:27.0686 0980 ============================================================
12:55:27.0686 0980 Current date / time: 2011/12/04 12:55:27.0686
12:55:27.0686 0980 SystemInfo:
12:55:27.0686 0980
12:55:27.0686 0980 OS Version: 5.1.2600 ServicePack: 3.0
12:55:27.0686 0980 Product type: Workstation
12:55:27.0686 0980 ComputerName: AMD3700
12:55:27.0686 0980 UserName: dwitt
12:55:27.0686 0980 Windows directory: C:\WINDOWS
12:55:27.0686 0980 System windows directory: C:\WINDOWS
12:55:27.0686 0980 Processor architecture: Intel x86
12:55:27.0686 0980 Number of processors: 1
12:55:27.0686 0980 Page size: 0x1000
12:55:27.0686 0980 Boot type: Normal boot
12:55:27.0686 0980 ============================================================
12:55:28.0046 0980 Initialize success
12:55:30.0358 3860 ============================================================
12:55:30.0358 3860 Scan started
12:55:30.0358 3860 Mode: Manual;
12:55:30.0358 3860 ============================================================
12:55:37.0389 3860 StillCam - ok
12:55:37.0421 3860 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:55:37.0421 3860 swenum - ok
12:55:37.0436 3860 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:55:37.0436 3860 swmidi - ok
12:55:37.0467 3860 symc810 - ok
12:55:37.0483 3860 symc8xx - ok
12:55:37.0530 3860 symlcbrd (5220576ee29bea7c18dff9ecabf18bbc) C:\WINDOWS\system32\drivers\symlcbrd.sys
12:55:37.0546 3860 symlcbrd - ok
12:55:37.0561 3860 SymSnap (b8fae6b464d9a2abeb0c80fb03ee5f96) C:\WINDOWS\system32\drivers\SymSnap.sys
12:55:37.0561 3860 SymSnap - ok
12:55:37.0577 3860 sym_hi - ok
12:55:37.0592 3860 sym_u3 - ok
12:55:37.0624 3860 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:55:37.0624 3860 sysaudio - ok
12:55:37.0717 3860 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:55:37.0733 3860 Tcpip - ok
12:55:37.0780 3860 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:55:37.0780 3860 TDPIPE - ok
12:55:37.0827 3860 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:55:37.0827 3860 TDTCP - ok
12:55:37.0858 3860 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:55:37.0874 3860 TermDD - ok
12:55:37.0905 3860 TosIde - ok
12:55:37.0967 3860 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:55:37.0967 3860 Udfs - ok
12:55:37.0983 3860 ultra - ok
12:55:38.0014 3860 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:55:38.0030 3860 Update - ok
12:55:38.0092 3860 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:55:38.0092 3860 usbehci - ok
12:55:38.0124 3860 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:55:38.0124 3860 usbhub - ok
12:55:38.0171 3860 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:55:38.0186 3860 usbohci - ok
12:55:38.0233 3860 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:55:38.0233 3860 usbprint - ok
12:55:38.0280 3860 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:55:38.0296 3860 usbscan - ok
12:55:38.0358 3860 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:55:38.0358 3860 USBSTOR - ok
12:55:38.0389 3860 V2IMount (b413e1467c92a65610166c932877e147) C:\WINDOWS\system32\drivers\V2IMount.sys
12:55:38.0405 3860 V2IMount - ok
12:55:38.0436 3860 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:55:38.0436 3860 VgaSave - ok
12:55:38.0452 3860 ViaIde - ok
12:55:38.0499 3860 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:55:38.0499 3860 VolSnap - ok
12:55:38.0561 3860 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:55:38.0561 3860 Wanarp - ok
12:55:38.0608 3860 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:55:38.0639 3860 Wdf01000 - ok
12:55:38.0655 3860 WDICA - ok
12:55:38.0702 3860 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:55:38.0717 3860 wdmaud - ok
12:55:38.0811 3860 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys
12:55:38.0811 3860 WpdUsb - ok
12:55:38.0842 3860 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:55:38.0842 3860 WS2IFSL - ok
12:55:38.0874 3860 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:55:38.0874 3860 WudfPf - ok
12:55:38.0905 3860 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:55:38.0921 3860 WudfRd - ok
12:55:38.0983 3860 yukonwxp (7d1def979b4e536e12882ee84f7c719a) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
12:55:38.0999 3860 yukonwxp - ok
12:55:39.0061 3860 MBR (0x1B8) (4ca45a43fbeb30fe054df4e97e1e6719) \Device\Harddisk0\DR0
12:55:39.0108 3860 \Device\Harddisk0\DR0 - ok
12:55:39.0124 3860 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
12:55:39.0124 3860 \Device\Harddisk1\DR1 - ok
12:55:39.0139 3860 Boot (0x1200) (1d2f6652c9a611692948b3899a6772d2) \Device\Harddisk0\DR0\Partition0
12:55:39.0139 3860 \Device\Harddisk0\DR0\Partition0 - ok
12:55:39.0155 3860 Boot (0x1200) (32507322ee86cdc7cdb6143209ecce0e) \Device\Harddisk1\DR1\Partition0
12:55:39.0155 3860 \Device\Harddisk1\DR1\Partition0 - ok
12:55:39.0155 3860 ============================================================
12:55:39.0155 3860 Scan finished
12:55:39.0155 3860 ============================================================
12:55:39.0171 3980 Detected object count: 0
12:55:39.0171 3980 Actual detected object count: 0

#9 cryptodan

Posted 04 December 2011 - 03:16 PM

Please download and run Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#10 azdonw

Posted 04 December 2011 - 03:59 PM

Thanks, here it is:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
River Past Video Cleaner
Java 2 Runtime Environment Standard Edition v1.3
Java™ 6 Update 18
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

#11 cryptodan

Posted 04 December 2011 - 04:13 PM

Please update Java by going here: http://www.java.com/en/

Also, please remove Ad-Aware; it has been replaced by other, more well-known applications, like http://www.malwarebytes.org and http://www.superantispyware.com.

#12 azdonw

Posted 04 December 2011 - 04:17 PM

Yeah, I haven't used Ad-Aware in ages. I removed it and installed the new Java version. What next?

#13 cryptodan

Posted 04 December 2011 - 04:21 PM

Download the following: ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe and reinstall Norton Ghost and see if that fixes things.

#14 azdonw

Posted 04 December 2011 - 04:33 PM

So you think my Ghost may have been corrupted by a virus or something?

#15 cryptodan

Posted 04 December 2011 - 07:31 PM

It could have been corrupted by anything.



