F-Prot has detected W32/Expiro.X


13 replies to this topic

#1 LydiaJ

Posted 23 December 2011 - 06:18 AM

Hello.

I've been recommended to come here by a friend. I hope you can help me.

I have a laptop running Vista. It has F-Prot installed. Last night it started running very very slowly. It is usually slow while the full system scan is running, but this was worse. A lot worse. I now find that F-Prot (which says it has now been scanning for five and a half hours and is still going) has quarantined two files that it says have W32/Expiro.X infections.

Names and locations of the two files are
C:\Users\Lydia\AppData\LocalLow\Unity\Webplayer\UnityBugReporter.exe
C:\Users\Lydia\AppData\LocalLow\Unity\Webplayer\UnityWebplayerUpdate.exe
I am not aware of having heard of this Unity webplayer - but my son was using the laptop yesterday and I don't know what websites he may have been on.

So far I have closed all browser windows and disconnected the internet connection, although it was connected to the internet for quite some time before I realised what was going on. I am logging in from another computer to ask for advice.

Thank you for your help.

ETA: F-Prot has finally finished its scan. It has not found any other infected files. I cannot tell whether any other files have become infected since the scan began, however.

Edited by LydiaJ, 23 December 2011 - 08:01 AM.


#2 boopme

Posted 23 December 2011 - 10:37 PM

Hello,
W32/Expiro.e is a file-infector virus that will look for executable files on the victim's computer. W32/Expiro.e will append all .exe files by attaching its code to the end of the file.
Type: Virus; Sub Type: Win32; Aliases: Virus.Win32.Expiro.r, Virus:Win32/Expiro.N, Virus.Win32.Expiro

Expiro.A creates a duplicate file alongside of infected files named with an .IVR extension. This identifies files it has already infected.

Example:
  • %windir%\system32\notepad.exe
  • %windir%\system32\notepad.ivr

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
You can back up all data except exe files.


How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
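
The .IVR marker described in the post above can be checked for directly. This is an added example, not part of the original post and not a BleepingComputer or vendor tool: it walks a directory tree and lists executables that have a same-named .ivr file beside them, plus .ivr files whose executable is no longer there. The function names, the sample tree and the choice to match only .exe hosts are assumptions made for the illustration.

```python
import os
import tempfile
from pathlib import Path

TARGET_EXTS = (".exe",)  # assumption: the post only names .exe host files
MARKER_EXT = ".ivr"      # marker extension named in the post


def is_pe(path):
    """Return True if the file starts with the DOS 'MZ' magic of a PE image."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def safe_mtime(path):
    """Modification time, or 0.0 if the file cannot be read."""
    try:
        return os.path.getmtime(path)
    except OSError:
        return 0.0


def find_ivr_markers(root):
    """Pair .ivr marker files with the executables sitting beside them.

    Returns (paired, orphans). 'paired' holds one record per executable that
    has a same-named .ivr sibling, oldest marker first, which helps bound
    when the markers started to appear. 'orphans' lists .ivr files with no
    executable left next to them (for example, already quarantined).
    """
    paired, orphans = [], []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so index by lowercase name.
        by_lower = {name.lower(): name for name in files}
        for lower, name in by_lower.items():
            stem, ext = os.path.splitext(lower)
            if ext != MARKER_EXT:
                continue
            marker = os.path.join(dirpath, name)
            hosts = [by_lower[stem + e] for e in TARGET_EXTS if stem + e in by_lower]
            if not hosts:
                orphans.append(marker)
            for host in hosts:
                host_path = os.path.join(dirpath, host)
                paired.append({
                    "executable": host_path,
                    "marker": marker,
                    "is_pe": is_pe(host_path),
                    "marker_mtime": safe_mtime(marker),
                })
    paired.sort(key=lambda rec: rec["marker_mtime"])
    return paired, sorted(orphans)


def build_constructed_tree(root):
    """Create a small constructed sample tree (placeholder bytes, no malware)."""
    sub = Path(root) / "system32"
    sub.mkdir()
    (sub / "notepad.exe").write_bytes(b"MZ" + b"\x00" * 62)  # marked host
    (sub / "notepad.ivr").write_bytes(b"")                   # its marker
    (sub / "calc.exe").write_bytes(b"MZ" + b"\x00" * 62)     # no marker
    (sub / "removed.ivr").write_bytes(b"")                   # host is gone
    return sub


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        paired, orphans = find_ivr_markers(tmp)
        for rec in paired:
            print("marked executable:", rec["executable"], "PE:", rec["is_pe"])
        for marker in orphans:
            print("marker without executable:", marker)
```

An empty result does not show that the machine is clean; the post attributes the .IVR marker to Expiro.A, and the scanner detections remain the primary evidence.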

#3 LydiaJ

Posted 24 December 2011 - 04:04 PM

Thank you, your comments and those documents are very helpful.

At present I only have accounts with two banks, but presumably I should also change my passwords for Amazon, Paypal etc as well? I never ever click "yes" when the computer asks me if I want it to remember anything to do with banking, but type in my userid, password etc every time. My current account is with a bank that never asks for the whole password but only for characters 3, 5 and 8, or whatever. Presumably that should make the risk lower? I think the infection is very recent. F-Prot is set up to do a full scan every night that it's still on that late. Unfortunately I can't remember if it scanned in the early hours of Thursday or Wednesday, but the virus won't have been there longer than that, and probably less than 24 hours by the time F-Prot quarantined it in the early hours of Friday morning.

I don't have access to any valuable information of anybody else's. I'm a teacher, so I have access to kids' confidential reports etc, but nothing that would be valuable to a hacker. My school's system won't let the computer remember my login info even if I tell it to, but makes me type it in every time anyway.

The document you recommend says "If the backdoor merely opens a port to listen and the computer was behind a working firewall or NAT router, then the risk of the backdoor being used is greatly reduced. Therefore there is probably a much lower risk if re-formatting and re-installing is not done." Windows firewall has been running since I got the computer. How do I know whether Expiro is the sort of backdoor that only opens a port to listen, or the sort that actively contacts hackers, please?

Windows defender was also running - does that make any difference to anything? Windows security center says my firewall, malware protection and other security settings are all OK. (I have automatic updating set to download automatically and prompt me before installing, so that's yellow rather than green, but I always install things as soon as convenient when they download themselves.)

I have disabled its wireless, and it says it isn't connected to any networks. Is that sufficient to stop it contacting the outside world, or should I turn off my wireless router? I'd rather not do that if I haven't got to, because it will inconvenience other family members. (The other computers have AVC, which says they are all clean.)

I'd like to begin by getting the computer as clean as possible while I continue to consider whether to reformat it. Please tell me what to do next.

Thank you so much. It is very kind of you to spare me your time at this busy season.
Happy Christmas!

Edited by LydiaJ, 24 December 2011 - 04:13 PM.


#4 boopme

Posted 25 December 2011 - 12:06 AM

Merry Christmas
I failed to mention these viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer. These will need to be cleaned also.

Fortunately this will not go to that port. ALL passwords should be changed, after we're done or from another computer.

"I have disabled its wireless, and it says it isn't connected to any networks"

This is good.

Now we clean it.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware


>>>


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

>>>>>>
Please go to the Microsoft Recovery Console and restore a clean MBR.

On Windows Vista and 7:
Insert the Windows CD into the CD-ROM drive and restart the computer.
Click on "Repair Your Computer"
When the System Recovery Options dialog comes up, choose the Command Prompt.
Type or copy/paste bootrec /fixmbr command to restore the Master Boot Record
Follow onscreen instructions
Reset and remove the CD from CD-ROM drive.

#5 LydiaJ

Posted 28 December 2011 - 05:51 AM

Thank you so much for your help. I've tried to follow your instructions but it didn't quite go to plan. Here's what happened:

Between posting my problem and getting your reply, I tried running F-Prot again, but each time I tried to do a full scan it ended up hanging the computer part way through the scan. The screen would still say it was in the middle of scanning, but the "time elapsed" counter would stop, and the computer would become completely unresponsive to the keyboard and mouse, and I'd have to reboot it completely.

After I received your reply, I installed MiniToolBox and ran it. I updated malwarebytes and ran it but it didn't find anything. I installed ESET and tried to run it. It ran for several hours and then hung the computer just like it previously hung during F-Prot. Its progress bar said it had nearly finished, and I could see that it had found one infected file with multiple threats, but not which file or what threats. I rebooted, ran CCleaner, and tried again. It hung again, nearer the beginning of the process.

I wondered what would speed things up a bit, and decided to uninstall a bunch of stuff that hasn't been used for months - mostly games that haven't been used since before I got a second computer for my kids to use. I did that and tried again from the beginning. I ran MiniToolBox (results below). I ran malwarebytes, which didn't find anything. I ran ESET, which got through to the end fine, and found nothing. I ran F-Prot full scan, which got all the way through and found nothing.

I'm not sure what to do about restoring a clean MBR. I don't remember if the computer ever had a windows CD, and if I did I haven't seen it since before we moved house. The other computers in this house were all acquired second-hand and don't have windows CDs either. What should I do, please?

Thanks again.

MiniToolBox log file:
(I don't know what the stuff about trinitycheltenham.com is about. That's a previous employer of mine. I don't work there any more and don't log in to its network any more. Is there anything I should delete or uninstall or anything?)

MiniToolBox by Farbar
Ran by Lydia (administrator) on 26-12-2011 at 14:02:12
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : 1545User-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : trinitycheltenham.com
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-23-AE-03-13-25
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-22-5F-49-04-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::542a:ae2c:2ad9:a69a%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 26 December 2011 14:01:13
Lease Expires . . . . . . . . . . : 27 December 2011 14:01:13
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 218112607
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-34-26-E2-00-22-5F-49-04-DB
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.trinitycheltenham.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:105d:3c45:3f57:febc(Preferred)
Link-local IPv6 Address . . . . . : fe80::105d:3c45:3f57:febc%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.trinitycheltenham.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: api.home
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.67.105
173.194.67.103
173.194.67.106
173.194.67.99
173.194.67.147
173.194.67.104



Pinging google.com [173.194.67.147] with 32 bytes of data:

Reply from 173.194.67.147: bytes=32 time=19ms TTL=44

Reply from 173.194.67.147: bytes=32 time=18ms TTL=44



Ping statistics for 173.194.67.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 19ms, Average = 18ms

Server: api.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=153ms TTL=47

Reply from 209.191.122.70: bytes=32 time=139ms TTL=46



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 139ms, Maximum = 153ms, Average = 146ms

Server: api.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 4ms, Average = 2ms

===========================================================================
Interface List
11 ...00 23 ae 03 13 25 ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
10 ...00 22 5f 49 04 db ...... Dell Wireless 1397 WLAN Mini-Card
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.trinitycheltenham.com
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 isatap.home
16 ...00 00 00 00 00 00 00 e0 isatap.trinitycheltenham.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.67 281
192.168.1.67 255.255.255.255 On-link 192.168.1.67 281
192.168.1.255 255.255.255.255 On-link 192.168.1.67 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.67 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.67 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 18 ::/0 On-link
1 306 ::1/128 On-link
12 18 2001::/32 On-link
12 266 2001:0:5ef5:79fb:105d:3c45:3f57:febc/128
On-link
10 281 fe80::/64 On-link
12 266 fe80::/64 On-link
12 266 fe80::105d:3c45:3f57:febc/128
On-link
10 281 fe80::542a:ae2c:2ad9:a69a/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/26/2011 01:31:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2011 01:03:09 PM) (Source: MsiInstaller) (User: Lydia)Lydia
Description: Product: LEGO® Star Wars™ III: The Clone Wars™ -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Error: (12/26/2011 00:40:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a27349df-7dd0-4ebc-ae73-9ddef9a52d6f}

Error: (12/26/2011 00:34:34 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a27349df-7dd0-4ebc-ae73-9ddef9a52d6f}

Error: (12/26/2011 00:30:44 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a27349df-7dd0-4ebc-ae73-9ddef9a52d6f}

Error: (12/26/2011 00:28:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a27349df-7dd0-4ebc-ae73-9ddef9a52d6f}

Error: (12/26/2011 00:24:34 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a27349df-7dd0-4ebc-ae73-9ddef9a52d6f}

Error: (12/26/2011 11:23:04 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a27349df-7dd0-4ebc-ae73-9ddef9a52d6f}

Error: (12/26/2011 11:19:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a27349df-7dd0-4ebc-ae73-9ddef9a52d6f}

Error: (12/26/2011 11:14:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/26/2011 01:31:26 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/26/2011 01:31:26 PM) (Source: Service Control Manager) (User: )
Description: USB RNDIS Adapter%%1058

Error: (12/26/2011 01:31:26 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (12/26/2011 11:18:42 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/26/2011 11:16:10 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (12/26/2011 11:16:10 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (12/26/2011 11:15:12 AM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (12/26/2011 11:14:06 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/26/2011 11:14:06 AM) (Source: Service Control Manager) (User: )
Description: USB RNDIS Adapter%%1058

Error: (12/26/2011 11:14:06 AM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058


Microsoft Office Sessions:
=========================
Error: (10/21/2011 01:15:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7066 seconds with 240 seconds of active time. This session ended with a crash.

Error: (10/01/2011 05:03:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2329 seconds with 480 seconds of active time. This session ended with a crash.

Error: (10/01/2011 04:24:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 722 seconds with 480 seconds of active time. This session ended with a crash.

Error: (08/26/2011 07:24:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4264 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (08/24/2011 11:02:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2401 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (07/13/2011 07:24:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1251 seconds with 180 seconds of active time. This session ended with a crash.

Error: (06/30/2011 11:55:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10273 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (05/15/2011 09:39:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 35121 seconds with 1800 seconds of active time. This session ended with a crash.

Error: (04/28/2011 06:17:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 67290 seconds with 4860 seconds of active time. This session ended with a crash.

Error: (02/07/2011 02:00:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 414 seconds with 360 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

3DVIA player 5.0 (Version: 5.0.0.12)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AIM 6
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
BBC iPlayer Desktop (Version: 3.0.5)
Bonjour (Version: 3.0.0.10)
BT Auto Backup
CCleaner (Version: 3.12)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
CompanionLink (Version: 5.00.5000)
Dell Dock
Dell Dock (Version: 1.99)
Dell Resource CD (Version: 1.00.0000)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
Demand Five Player (Version: 1.0.0.12174)
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.1.5.0)
EPSON Easy Photo Print (Version: 1.1.0.0)
EPSON File Manager (Version: 1.1.0.0)
EPSON Image Clip Palette (Version: 1.02.00)
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant (Version: 1.02.00)
EPSON Web-To-Page
ESDX3800 User's Guide
ESET Online Scanner v3
F-PROT Antivirus for Windows (Version: 6.0.9.6)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2318.1946)
Google Update Helper (Version: 1.3.21.79)
GoToAssist 8.0.0.482
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 2.0.7.018)
IDT Audio (Version: 1.0.6047.0)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Driver (Version: 12.00.2000)
Intel® Rapid Storage Technology (Version: 10.5.0.1029)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 29 (Version: 6.0.290)
KacoViso (Version: 2.2.3)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Marvell Miniport Driver (Version: 10.63.3.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.4.0)
Mozilla Firefox 8.0 (x86 en-GB) (Version: 8.0)
Mozilla Thunderbird (3.1.11) (Version: 3.1.11 (en-GB))
MSVC80_x86 (Version: 1.0.1.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
My pet Hotel (Version: 1.00.0000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PC Connectivity Solution (Version: 9.23.3.0)
PIF DESIGNER
PL-2303 USB-to-Serial (Version: 1.00.000)
QuickTime (Version: 7.71.80.42)
Rapport (Version: 3.5.1108.55)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Roll
Uninstall Entriq MediaSphere (Version: 3.8.2.9)
Viewpoint Media Player
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Mobile Device Center (Version: 6.1.6965.0)
Yahoo! Toolbar

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 3033.64 MB
Available physical RAM: 1668.69 MB
Total Pagefile: 6279.42 MB
Available Pagefile: 4920.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.21 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:85.63 GB) NTFS

========================= Users: ========================================

User accounts for \\1545USER-PC

1545User Lydia Administrator
Ed & Lizzie Guest

========================= Minidump Files ==================================


**** End of log ****

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:10 PM

Posted 28 December 2011 - 07:52 PM

OK Lydia, I see a lot of errors in the applications and system.

Let's do this.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 LydiaJ

Posted 29 December 2011 - 05:06 PM

Thank you. I've done that. Here's the log file:

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-29 21:55:49
-----------------------------
21:55:49.771 OS Version: Windows 6.0.6002 Service Pack 2
21:55:49.772 Number of processors: 2 586 0xF0D
21:55:49.773 ComputerName: 1545USER-PC UserName: Lydia
21:55:52.133 Initialize success
21:59:33.791 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:59:33.797 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
21:59:33.828 Disk 0 MBR read successfully
21:59:33.831 Disk 0 MBR scan
21:59:33.835 Disk 0 Windows VISTA default MBR code
21:59:33.887 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
21:59:33.921 Disk 0 scanning sectors +488394752
21:59:33.991 Disk 0 scanning C:\Windows\system32\drivers
21:59:59.191 Service scanning
22:00:02.876 Modules scanning
22:00:31.388 Disk 0 trace - called modules:
22:00:31.404
22:00:31.413 Scan finished successfully
22:01:50.213 Disk 0 MBR has been saved successfully to "C:\Users\Lydia\Desktop\MBR.dat"
22:01:50.221 The log file has been saved successfully to "C:\Users\Lydia\Desktop\aswMBR.txt"

#8 boopme

Posted 29 December 2011 - 09:30 PM

Please run F Prot and see what it says.

#9 LydiaJ

Posted 30 December 2011 - 01:01 PM

F Prot has run a full scan and not found anything. However, I find the computer is unusably slow while F Prot is running, and can't be used for anything else at the same time. Is it supposed to be like that?

Thanks.

#10 boopme

Posted 30 December 2011 - 09:44 PM

Hello, while it is not advisable to run other apps while scanning, it can slow things down tremendously, you may have other issues.
The report shows System errors that can also be a problem.

Let's scan for rootkits.
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#11 LydiaJ

Posted 31 December 2011 - 08:32 AM

Thanks. Here's the report.

12:27:00.0772 4620 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:27:01.0501 4620 ============================================================
12:27:01.0501 4620 Current date / time: 2011/12/31 12:27:01.0501
12:27:01.0501 4620 SystemInfo:
12:27:01.0501 4620
12:27:01.0501 4620 OS Version: 6.0.6002 ServicePack: 2.0
12:27:01.0501 4620 Product type: Workstation
12:27:01.0501 4620 ComputerName: 1545USER-PC
12:27:01.0502 4620 UserName: Lydia
12:27:01.0502 4620 Windows directory: C:\Windows
12:27:01.0502 4620 System windows directory: C:\Windows
12:27:01.0502 4620 Processor architecture: Intel x86
12:27:01.0502 4620 Number of processors: 2
12:27:01.0502 4620 Page size: 0x1000
12:27:01.0502 4620 Boot type: Normal boot
12:27:01.0502 4620 ============================================================
12:27:02.0564 4620 Initialize success
12:27:04.0081 5276 ============================================================
12:27:04.0081 5276 Scan started
12:27:04.0081 5276 Mode: Manual;
12:27:04.0081 5276 ============================================================
12:27:24.0728 5276 pccsmcfd - ok
12:27:24.0849 5276 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:27:24.0878 5276 pci - ok
12:27:24.0928 5276 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
12:27:24.0942 5276 pciide - ok
12:27:24.0964 5276 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:27:24.0999 5276 pcmcia - ok
12:27:25.0132 5276 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:27:25.0172 5276 PEAUTH - ok
12:27:25.0324 5276 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:27:25.0342 5276 PptpMiniport - ok
12:27:25.0382 5276 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
12:27:25.0400 5276 Processor - ok
12:27:25.0481 5276 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:27:25.0507 5276 PSched - ok
12:27:25.0680 5276 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
12:27:25.0749 5276 ql2300 - ok
12:27:25.0869 5276 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:27:25.0887 5276 ql40xx - ok
12:27:25.0926 5276 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:27:25.0944 5276 QWAVEdrv - ok
12:27:26.0070 5276 RapportBuka - ok
12:27:26.0396 5276 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
12:27:26.0504 5276 RapportCerberus_34302 - ok
12:27:26.0590 5276 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
12:27:26.0611 5276 RapportEI - ok
12:27:26.0718 5276 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\Windows\system32\Drivers\RapportKELL.sys
12:27:26.0740 5276 RapportKELL - ok
12:27:26.0869 5276 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
12:27:26.0914 5276 RapportPG - ok
12:27:27.0009 5276 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:27:27.0024 5276 RasAcd - ok
12:27:27.0070 5276 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:27:27.0086 5276 Rasl2tp - ok
12:27:27.0163 5276 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:27:27.0181 5276 RasPppoe - ok
12:27:27.0305 5276 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:27:27.0323 5276 RasSstp - ok
12:27:27.0400 5276 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:27:27.0425 5276 rdbss - ok
12:27:27.0460 5276 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:27:27.0478 5276 RDPCDD - ok
12:27:27.0597 5276 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
12:27:27.0626 5276 rdpdr - ok
12:27:27.0729 5276 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:27:27.0745 5276 RDPENCDD - ok
12:27:27.0809 5276 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
12:27:27.0828 5276 RDPWD - ok
12:27:27.0887 5276 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:27:27.0905 5276 rspndr - ok
12:27:28.0015 5276 RTSTOR (4f31cfdebd0a5bc27d45e7ebfefaaf6f) C:\Windows\system32\drivers\RTSTOR.SYS
12:27:28.0031 5276 RTSTOR - ok
12:27:28.0088 5276 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:27:28.0113 5276 sbp2port - ok
12:27:28.0171 5276 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:27:28.0190 5276 secdrv - ok
12:27:28.0350 5276 Ser2pl (80427512042d392b7343c6e30753a410) C:\Windows\system32\DRIVERS\ser2pl.sys
12:27:28.0370 5276 Ser2pl - ok
12:27:28.0419 5276 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
12:27:28.0436 5276 Serenum - ok
12:27:28.0471 5276 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:27:28.0489 5276 Serial - ok
12:27:28.0611 5276 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\DRIVERS\sermouse.sys
12:27:28.0627 5276 sermouse - ok
12:27:28.0683 5276 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
12:27:28.0700 5276 sffdisk - ok
12:27:28.0726 5276 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
12:27:28.0742 5276 sffp_mmc - ok
12:27:28.0778 5276 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
12:27:28.0793 5276 sffp_sd - ok
12:27:28.0913 5276 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
12:27:28.0931 5276 sfloppy - ok
12:27:29.0002 5276 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
12:27:29.0029 5276 sisagp - ok
12:27:29.0085 5276 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
12:27:29.0104 5276 SiSRaid2 - ok
12:27:29.0226 5276 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
12:27:29.0246 5276 SiSRaid4 - ok
12:27:29.0325 5276 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:27:29.0347 5276 Smb - ok
12:27:29.0391 5276 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:27:29.0408 5276 spldr - ok
12:27:29.0523 5276 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:27:29.0553 5276 srv - ok
12:27:29.0676 5276 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:27:29.0702 5276 srv2 - ok
12:27:29.0722 5276 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:27:29.0744 5276 srvnet - ok
12:27:29.0829 5276 STHDA (d4ae2486c4290054b8d6f1adc4bad7fd) C:\Windows\system32\DRIVERS\stwrt.sys
12:27:29.0857 5276 STHDA - ok
12:27:29.0955 5276 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:27:29.0984 5276 swenum - ok
12:27:30.0033 5276 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:27:30.0051 5276 Symc8xx - ok
12:27:30.0080 5276 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:27:30.0096 5276 Sym_hi - ok
12:27:30.0197 5276 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:27:30.0213 5276 Sym_u3 - ok
12:27:30.0312 5276 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
12:27:30.0367 5276 Tcpip - ok
12:27:30.0488 5276 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
12:27:30.0500 5276 Tcpip6 - ok
12:27:30.0602 5276 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
12:27:30.0620 5276 tcpipreg - ok
12:27:30.0685 5276 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:27:30.0700 5276 TDPIPE - ok
12:27:30.0729 5276 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:27:30.0745 5276 TDTCP - ok
12:27:30.0816 5276 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:27:30.0832 5276 tdx - ok
12:27:30.0943 5276 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:27:30.0955 5276 TermDD - ok
12:27:31.0040 5276 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:27:31.0061 5276 tssecsrv - ok
12:27:31.0127 5276 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:27:31.0140 5276 tunmp - ok
12:27:31.0306 5276 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:27:31.0319 5276 tunnel - ok
12:27:31.0380 5276 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
12:27:31.0395 5276 uagp35 - ok
12:27:31.0460 5276 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:27:31.0487 5276 udfs - ok
12:27:31.0620 5276 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
12:27:31.0641 5276 uliagpkx - ok
12:27:31.0685 5276 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
12:27:31.0709 5276 uliahci - ok
12:27:31.0747 5276 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:27:31.0773 5276 UlSata - ok
12:27:31.0891 5276 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:27:31.0914 5276 ulsata2 - ok
12:27:31.0939 5276 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:27:31.0954 5276 umbus - ok
12:27:32.0048 5276 upperdev - ok
12:27:32.0172 5276 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
12:27:32.0188 5276 USBAAPL - ok
12:27:32.0338 5276 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
12:27:32.0375 5276 usbaudio - ok
12:27:32.0454 5276 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:27:32.0466 5276 usbccgp - ok
12:27:32.0564 5276 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:27:32.0583 5276 usbcir - ok
12:27:32.0664 5276 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:27:32.0686 5276 usbehci - ok
12:27:32.0716 5276 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:27:32.0738 5276 usbhub - ok
12:27:32.0846 5276 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
12:27:32.0865 5276 usbohci - ok
12:27:32.0938 5276 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:27:32.0957 5276 usbprint - ok
12:27:33.0031 5276 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:27:33.0051 5276 usbscan - ok
12:27:33.0178 5276 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:27:33.0198 5276 USBSTOR - ok
12:27:33.0230 5276 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:27:33.0255 5276 usbuhci - ok
12:27:33.0277 5276 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
12:27:33.0294 5276 usb_rndisx - ok
12:27:33.0463 5276 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
12:27:33.0483 5276 vga - ok
12:27:33.0533 5276 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:27:33.0555 5276 VgaSave - ok
12:27:33.0607 5276 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
12:27:33.0661 5276 viaagp - ok
12:27:33.0707 5276 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
12:27:33.0725 5276 ViaC7 - ok
12:27:33.0848 5276 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
12:27:33.0863 5276 viaide - ok
12:27:33.0896 5276 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:27:33.0914 5276 volmgr - ok
12:27:34.0002 5276 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:27:34.0028 5276 volmgrx - ok
12:27:34.0151 5276 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:27:34.0171 5276 volsnap - ok
12:27:34.0261 5276 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
12:27:34.0280 5276 vsmraid - ok
12:27:34.0332 5276 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:27:34.0364 5276 WacomPen - ok
12:27:34.0406 5276 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:27:34.0427 5276 Wanarp - ok
12:27:34.0450 5276 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:27:34.0453 5276 Wanarpv6 - ok
12:27:34.0571 5276 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
12:27:34.0589 5276 Wd - ok
12:27:34.0628 5276 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:27:34.0665 5276 Wdf01000 - ok
12:27:34.0818 5276 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:27:34.0833 5276 WmiAcpi - ok
12:27:34.0976 5276 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:27:34.0997 5276 WpdUsb - ok
12:27:35.0065 5276 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:27:35.0080 5276 ws2ifsl - ok
12:27:35.0150 5276 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:27:35.0199 5276 WUDFRd - ok
12:27:35.0331 5276 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
12:27:35.0353 5276 yukonwlh - ok
12:27:35.0403 5276 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:27:35.0463 5276 \Device\Harddisk0\DR0 - ok
12:27:35.0472 5276 Boot (0x1200) (ee75f761680849cfd0113177f53a1a7e) \Device\Harddisk0\DR0\Partition0
12:27:35.0474 5276 \Device\Harddisk0\DR0\Partition0 - ok
12:27:35.0476 5276 ============================================================
12:27:35.0476 5276 Scan finished
12:27:35.0476 5276 ============================================================
12:27:35.0510 5264 Detected object count: 0
12:27:35.0510 5264 Actual detected object count: 0

#12 boopme


Posted 31 December 2011 - 07:51 PM

Hello. I am concerned that you have exe file damage from the malware. I would say, if you do not want to reformat, start a topic in Malware Removal. There they can see if it is still repairable.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.

#13 LydiaJ


Posted 13 January 2012 - 04:08 AM

Thank you so much, boopme. I went to the board you linked to, and got a lot of help from myrti, who worked out that some of my problems were caused by disk errors rather than malware. Chkdsk has sorted me out, and my computer is now running much better. :)

#14 boopme


Posted 13 January 2012 - 03:26 PM

Excellent Lydia, thanks for the update!!



