
cannot connect to internet after virus


  • This topic is locked
18 replies to this topic

#1 cody7880

cody7880

  • Members
  • 11 posts
  • Local time:10:24 PM

Posted 09 January 2012 - 06:04 PM

Recently had Win 7 2012 virus, removed virus, now cannot connect to any internet. Troubleshooting states it cannot detect the network's proxy settings.

internet is not the issue.
see also

http://www.bleepingcomputer.com/forums/topic437171.html/page__pid__2545962#entry2545962







DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by haley at 15:53:07 on 2012-01-09
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1015.235 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\aestsrv.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files\common files\homepage protection\HomepageProtection.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{5A04BA88-09FB-4038-BFA9-60C91EBAA696} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{DDCC3929-22E7-473B-8CF5-2EA3F5A2ADC8}\2375942554236343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DDCC3929-22E7-473B-8CF5-2EA3F5A2ADC8}\36F64697 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{DDCC3929-22E7-473B-8CF5-2EA3F5A2ADC8}\86F6D65602E6564777F627B6 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\haley\appdata\roaming\mozilla\firefox\profiles\lcw7olbl.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2011-5-8 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2011-5-8 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32v.sys [2009-7-2 78832]
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-7-27 16984]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslfd23f9b9;MpKslfd23f9b9;c:\programdata\microsoft\microsoft antimalware\definition updates\{6cf54c85-b36a-4d92-bc58-a600f9139755}\MpKslfd23f9b9.sys [2012-1-9 29904]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2011-5-8 25584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\AEstSrv.exe [2011-5-8 81920]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-8 323584]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-4-27 50688]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2009-7-9 199152]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-5-8 29472]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-5-8 167424]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-31 52224]
.
=============== Created Last 30 ================
.
2012-01-09 17:15:37 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6cf54c85-b36a-4d92-bc58-a600f9139755}\MpKslfd23f9b9.sys
2012-01-09 16:42:12 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6cf54c85-b36a-4d92-bc58-a600f9139755}\offreg.dll
2012-01-04 17:19:41 -------- d-----w- c:\users\haley\appdata\local\ElevatedDiagnostics
2011-12-31 21:18:40 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6cf54c85-b36a-4d92-bc58-a600f9139755}\mpengine.dll
2011-12-15 20:40:20 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 20:39:41 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 20:38:53 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 20:38:49 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 20:38:42 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 20:38:40 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
==================== Find3M ====================
.
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 15:56:05.28 ===============

Attached Files

  • Attached File  ark.txt   4.92KB   0 downloads




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:24 PM

Posted 12 January 2012 - 03:11 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 cody7880


Posted 12 January 2012 - 01:36 PM

scan says should take 10-20 minutes, been running over hr. should i close and try again? also a box kept saying sec. essentials was running even tho i turned it off

#4 gringo_pr


Posted 12 January 2012 - 02:36 PM

Hello


If it is not progressing go ahead and stop it and come back and let me know


gringo

#5 cody7880


Posted 13 January 2012 - 10:36 AM

combofix will not run, tried several times, always says security essentials is on even tho it's not. i even uninstalled sec. essentials, combofix still said it was running. i tried running combofix in safe mode, i tried renaming combofix, every time it gets to blue box says take 10-20 minutes and then nothing.

#6 gringo_pr


Posted 13 January 2012 - 10:42 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 cody7880


Posted 13 January 2012 - 11:00 AM

10:52:50.0243 12912 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
10:52:50.0368 12912 ============================================================
10:52:50.0368 12912 Current date / time: 2012/01/13 10:52:50.0368
10:52:50.0368 12912 SystemInfo:
10:52:50.0368 12912
10:52:50.0368 12912 OS Version: 6.1.7601 ServicePack: 1.0
10:52:50.0368 12912 Product type: Workstation
10:52:50.0368 12912 ComputerName: HALEY-PC
10:52:50.0368 12912 UserName: haley
10:52:50.0368 12912 Windows directory: C:\Windows
10:52:50.0368 12912 System windows directory: C:\Windows
10:52:50.0368 12912 Processor architecture: Intel x86
10:52:50.0368 12912 Number of processors: 2
10:52:50.0368 12912 Page size: 0x1000
10:52:50.0368 12912 Boot type: Normal boot
10:52:50.0368 12912 ============================================================
10:52:51.0819 12912 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
10:52:51.0834 12912 Drive \Device\Harddisk1\DR1 - Size: 0xF4B00000, SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:52:51.0959 12912 Initialize success
10:53:00.0446 13008 ============================================================
10:53:00.0446 13008 Scan started
10:53:00.0446 13008 Mode: Manual;
10:53:00.0446 13008 ============================================================
10:53:11.0865 13008 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:53:11.0880 13008 isapnp - ok
10:53:11.0974 13008 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:53:11.0990 13008 iScsiPrt - ok
10:53:12.0068 13008 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:53:12.0083 13008 kbdclass - ok
10:53:12.0177 13008 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:53:12.0177 13008 kbdhid - ok
10:53:12.0270 13008 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
10:53:12.0286 13008 KSecDD - ok
10:53:12.0364 13008 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
10:53:12.0380 13008 KSecPkg - ok
10:53:12.0458 13008 L1C (f6665df2db33703020193c81f4824c39) C:\Windows\system32\DRIVERS\L1C62x86.sys
10:53:12.0458 13008 L1C - ok
10:53:12.0567 13008 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:53:12.0582 13008 lltdio - ok
10:53:12.0692 13008 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:53:12.0692 13008 LSI_FC - ok
10:53:12.0754 13008 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:53:12.0770 13008 LSI_SAS - ok
10:53:12.0816 13008 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:53:12.0832 13008 LSI_SAS2 - ok
10:53:12.0879 13008 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:53:12.0894 13008 LSI_SCSI - ok
10:53:12.0957 13008 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:53:12.0972 13008 luafv - ok
10:53:13.0035 13008 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:53:13.0050 13008 megasas - ok
10:53:13.0128 13008 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:53:13.0144 13008 MegaSR - ok
10:53:13.0222 13008 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:53:13.0222 13008 Modem - ok
10:53:13.0300 13008 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:53:13.0300 13008 monitor - ok
10:53:13.0394 13008 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
10:53:13.0394 13008 mouclass - ok
10:53:13.0472 13008 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:53:13.0487 13008 mouhid - ok
10:53:13.0581 13008 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:53:13.0596 13008 mountmgr - ok
10:53:13.0674 13008 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:53:13.0690 13008 mpio - ok
10:53:13.0752 13008 MpKsl04c0c71e - ok
10:53:13.0799 13008 MpKsl09a70635 - ok
10:53:13.0830 13008 MpKsl12917ecb - ok
10:53:13.0862 13008 MpKsl1ff21166 - ok
10:53:13.0893 13008 MpKsl26769108 - ok
10:53:13.0924 13008 MpKsl703eb651 - ok
10:53:13.0955 13008 MpKsl80734cfe - ok
10:53:13.0986 13008 MpKsl94f6d93b - ok
10:53:14.0018 13008 MpKslab257165 - ok
10:53:14.0049 13008 MpKslac1115a3 - ok
10:53:14.0096 13008 MpKslb225d385 - ok
10:53:14.0127 13008 MpKslb250ab93 - ok
10:53:14.0174 13008 MpKslb6af3a57 - ok
10:53:14.0205 13008 MpKslc2c31e69 - ok
10:53:14.0236 13008 MpKsle1369fef - ok
10:53:14.0267 13008 MpKslec5b959b - ok
10:53:14.0314 13008 MpKslf4fb0e3e - ok
10:53:14.0361 13008 MpKslf6d5672e - ok
10:53:14.0392 13008 MpKslf73e6cd1 - ok
10:53:14.0423 13008 MpKslf7dd6e91 - ok
10:53:14.0517 13008 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:53:14.0532 13008 mpsdrv - ok
10:53:14.0595 13008 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:53:14.0610 13008 MRxDAV - ok
10:53:14.0704 13008 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:53:14.0704 13008 mrxsmb - ok
10:53:14.0798 13008 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:53:14.0829 13008 mrxsmb10 - ok
10:53:14.0891 13008 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:53:14.0907 13008 mrxsmb20 - ok
10:53:14.0985 13008 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:53:14.0985 13008 msahci - ok
10:53:15.0063 13008 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:53:15.0078 13008 msdsm - ok
10:53:15.0188 13008 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:53:15.0188 13008 Msfs - ok
10:53:15.0250 13008 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:53:15.0266 13008 mshidkmdf - ok
10:53:15.0390 13008 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:53:15.0390 13008 msisadrv - ok
10:53:15.0468 13008 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:53:15.0484 13008 MSKSSRV - ok
10:53:15.0531 13008 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:53:15.0531 13008 MSPCLOCK - ok
10:53:15.0578 13008 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:53:15.0593 13008 MSPQM - ok
10:53:15.0656 13008 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:53:15.0671 13008 MsRPC - ok
10:53:15.0796 13008 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:53:15.0812 13008 mssmbios - ok
10:53:15.0921 13008 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:53:15.0921 13008 MSTEE - ok
10:53:15.0999 13008 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:53:15.0999 13008 MTConfig - ok
10:53:16.0077 13008 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:53:16.0092 13008 Mup - ok
10:53:16.0217 13008 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:53:16.0233 13008 NativeWifiP - ok
10:53:16.0373 13008 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:53:16.0404 13008 NDIS - ok
10:53:16.0498 13008 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:53:16.0514 13008 NdisCap - ok
10:53:16.0592 13008 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:53:16.0592 13008 NdisTapi - ok
10:53:16.0670 13008 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:53:16.0685 13008 Ndisuio - ok
10:53:16.0779 13008 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:53:16.0794 13008 NdisWan - ok
10:53:16.0904 13008 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:53:16.0904 13008 NDProxy - ok
10:53:17.0044 13008 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:53:17.0060 13008 NetBIOS - ok
10:53:17.0138 13008 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:53:17.0153 13008 NetBT - ok
10:53:17.0278 13008 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:53:17.0278 13008 nfrd960 - ok
10:53:17.0356 13008 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:53:17.0372 13008 Npfs - ok
10:53:17.0434 13008 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:53:17.0434 13008 nsiproxy - ok
10:53:17.0574 13008 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:53:17.0652 13008 Ntfs - ok
10:53:17.0699 13008 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:53:17.0715 13008 Null - ok
10:53:17.0793 13008 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
10:53:17.0808 13008 NVENETFD - ok
10:53:17.0918 13008 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:53:17.0933 13008 nvraid - ok
10:53:17.0996 13008 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:53:18.0011 13008 nvstor - ok
10:53:18.0120 13008 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:53:18.0120 13008 nv_agp - ok
10:53:18.0198 13008 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:53:18.0214 13008 ohci1394 - ok
10:53:18.0292 13008 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:53:18.0308 13008 Parport - ok
10:53:18.0386 13008 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
10:53:18.0401 13008 partmgr - ok
10:53:18.0464 13008 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:53:18.0479 13008 Parvdm - ok
10:53:18.0651 13008 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:53:18.0666 13008 pci - ok
10:53:18.0744 13008 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:53:18.0744 13008 pciide - ok
10:53:18.0838 13008 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:53:18.0854 13008 pcmcia - ok
10:53:18.0916 13008 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:53:18.0916 13008 pcw - ok
10:53:18.0994 13008 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:53:19.0041 13008 PEAUTH - ok
10:53:19.0259 13008 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:53:19.0275 13008 PptpMiniport - ok
10:53:19.0353 13008 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:53:19.0353 13008 Processor - ok
10:53:19.0462 13008 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:53:19.0462 13008 Psched - ok
10:53:19.0540 13008 PxHelp20 (5491e4e7d93804f43abe8ce3c39f5a86) C:\Windows\system32\Drivers\PxHelp20.sys
10:53:19.0540 13008 PxHelp20 - ok
10:53:19.0665 13008 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:53:19.0727 13008 ql2300 - ok
10:53:19.0790 13008 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:53:19.0805 13008 ql40xx - ok
10:53:19.0883 13008 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:53:19.0883 13008 QWAVEdrv - ok
10:53:19.0946 13008 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:53:19.0946 13008 RasAcd - ok
10:53:20.0008 13008 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:53:20.0024 13008 RasAgileVpn - ok
10:53:20.0102 13008 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:53:20.0102 13008 Rasl2tp - ok
10:53:20.0195 13008 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:53:20.0195 13008 RasPppoe - ok
10:53:20.0258 13008 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:53:20.0273 13008 RasSstp - ok
10:53:20.0367 13008 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:53:20.0382 13008 rdbss - ok
10:53:20.0445 13008 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:53:20.0460 13008 rdpbus - ok
10:53:20.0554 13008 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:53:20.0554 13008 RDPCDD - ok
10:53:20.0632 13008 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:53:20.0632 13008 RDPENCDD - ok
10:53:20.0710 13008 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:53:20.0726 13008 RDPREFMP - ok
10:53:20.0804 13008 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
10:53:20.0819 13008 RDPWD - ok
10:53:20.0897 13008 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:53:20.0913 13008 rdyboost - ok
10:53:21.0053 13008 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
10:53:21.0069 13008 RFCOMM - ok
10:53:21.0162 13008 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:53:21.0178 13008 rspndr - ok
10:53:21.0240 13008 RSUSBSTOR (96f8dd546677aa5102150acc140377b3) C:\Windows\system32\Drivers\RtsUStor.sys
10:53:21.0256 13008 RSUSBSTOR - ok
10:53:21.0334 13008 RtsUIR - ok
10:53:21.0412 13008 SahdIa32 (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\Windows\system32\Drivers\SahdIa32.sys
10:53:21.0412 13008 SahdIa32 - ok
10:53:21.0474 13008 SaibIa32 (7a5f65b16249af2bc9d18d815f5d7172) C:\Windows\system32\Drivers\SaibIa32.sys
10:53:21.0474 13008 SaibIa32 - ok
10:53:21.0552 13008 SaibVd32 (e333c9515822de586a3ff759a0c9b7bf) C:\Windows\system32\Drivers\SaibVd32.sys
10:53:21.0568 13008 SaibVd32 - ok
10:53:21.0662 13008 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:53:21.0677 13008 sbp2port - ok
10:53:21.0786 13008 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:53:21.0786 13008 scfilter - ok
10:53:21.0896 13008 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
10:53:21.0896 13008 sdbus - ok
10:53:21.0989 13008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:53:21.0989 13008 secdrv - ok
10:53:22.0083 13008 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:53:22.0098 13008 Serenum - ok
10:53:22.0161 13008 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:53:22.0161 13008 Serial - ok
10:53:22.0239 13008 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:53:22.0254 13008 sermouse - ok
10:53:22.0379 13008 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:53:22.0395 13008 sffdisk - ok
10:53:22.0473 13008 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:53:22.0473 13008 sffp_mmc - ok
10:53:22.0535 13008 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:53:22.0551 13008 sffp_sd - ok
10:53:22.0629 13008 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:53:22.0629 13008 sfloppy - ok
10:53:22.0754 13008 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:53:22.0754 13008 sisagp - ok
10:53:22.0847 13008 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:53:22.0863 13008 SiSRaid2 - ok
10:53:22.0910 13008 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:53:22.0925 13008 SiSRaid4 - ok
10:53:22.0988 13008 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:53:23.0003 13008 Smb - ok
10:53:23.0097 13008 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:53:23.0112 13008 spldr - ok
10:53:23.0253 13008 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:53:23.0284 13008 srv - ok
10:53:23.0362 13008 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:53:23.0393 13008 srv2 - ok
10:53:23.0518 13008 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:53:23.0534 13008 SrvHsfHDA - ok
10:53:23.0658 13008 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
10:53:23.0705 13008 SrvHsfV92 - ok
10:53:23.0799 13008 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
10:53:23.0846 13008 SrvHsfWinac - ok
10:53:23.0924 13008 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:53:23.0939 13008 srvnet - ok
10:53:24.0048 13008 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:53:24.0048 13008 stexstor - ok
10:53:24.0142 13008 STHDA (666954876b4c973eee61b1b2332b58c4) C:\Windows\system32\DRIVERS\stwrt.sys
10:53:24.0173 13008 STHDA - ok
10:53:24.0267 13008 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:53:24.0267 13008 swenum - ok
10:53:24.0360 13008 SynTP (502986ad48c1169072cff1e087f45a2d) C:\Windows\system32\DRIVERS\SynTP.sys
10:53:24.0376 13008 SynTP - ok
10:53:24.0454 13008 SysCow (1e42b76024817715cafbd96fb026bffd) C:\Windows\system32\drivers\syscow32v.sys
10:53:24.0454 13008 SysCow - ok
10:53:24.0657 13008 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
10:53:24.0719 13008 Tcpip - ok
10:53:24.0844 13008 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
10:53:24.0875 13008 TCPIP6 - ok
10:53:24.0984 13008 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:53:25.0000 13008 tcpipreg - ok
10:53:25.0094 13008 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:53:25.0109 13008 TDPIPE - ok
10:53:25.0172 13008 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
10:53:25.0187 13008 TDTCP - ok
10:53:25.0281 13008 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:53:25.0296 13008 tdx - ok
10:53:25.0374 13008 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:53:25.0390 13008 TermDD - ok
10:53:25.0546 13008 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:53:25.0546 13008 tssecsrv - ok
10:53:25.0624 13008 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:53:25.0640 13008 TsUsbFlt - ok
10:53:25.0718 13008 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:53:25.0733 13008 tunnel - ok
10:53:25.0796 13008 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:53:25.0811 13008 uagp35 - ok
10:53:25.0905 13008 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:53:25.0920 13008 udfs - ok
10:53:26.0030 13008 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:53:26.0045 13008 uliagpkx - ok
10:53:26.0139 13008 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
10:53:26.0154 13008 umbus - ok
10:53:26.0232 13008 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:53:26.0232 13008 UmPass - ok
10:53:26.0342 13008 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:53:26.0357 13008 USBAAPL - ok
10:53:26.0451 13008 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:53:26.0451 13008 usbccgp - ok
10:53:26.0498 13008 USBCCID - ok
10:53:26.0591 13008 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:53:26.0591 13008 usbcir - ok
10:53:26.0685 13008 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:53:26.0700 13008 usbehci - ok
10:53:26.0763 13008 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:53:26.0778 13008 usbhub - ok
10:53:26.0856 13008 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:53:26.0856 13008 usbohci - ok
10:53:26.0950 13008 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:53:26.0950 13008 usbprint - ok
10:53:27.0028 13008 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:53:27.0028 13008 USBSTOR - ok
10:53:27.0090 13008 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:53:27.0106 13008 usbuhci - ok
10:53:27.0200 13008 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
10:53:27.0215 13008 usbvideo - ok
10:53:27.0324 13008 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:53:27.0340 13008 vdrvroot - ok
10:53:27.0434 13008 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:53:27.0434 13008 vga - ok
10:53:27.0496 13008 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:53:27.0512 13008 VgaSave - ok
10:53:27.0590 13008 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:53:27.0605 13008 vhdmp - ok
10:53:27.0699 13008 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:53:27.0699 13008 viaagp - ok
10:53:27.0777 13008 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:53:27.0792 13008 ViaC7 - ok
10:53:27.0870 13008 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:53:27.0886 13008 viaide - ok
10:53:27.0964 13008 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:53:27.0964 13008 volmgr - ok
10:53:28.0058 13008 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:53:28.0073 13008 volmgrx - ok
10:53:28.0167 13008 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:53:28.0198 13008 volsnap - ok
10:53:28.0292 13008 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:53:28.0307 13008 vsmraid - ok
10:53:28.0385 13008 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:53:28.0385 13008 vwifibus - ok
10:53:28.0463 13008 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:53:28.0479 13008 vwififlt - ok
10:53:28.0541 13008 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
10:53:28.0541 13008 vwifimp - ok
10:53:28.0650 13008 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:53:28.0650 13008 WacomPen - ok
10:53:28.0744 13008 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:53:28.0760 13008 WANARP - ok
10:53:28.0791 13008 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:53:28.0791 13008 Wanarpv6 - ok
10:53:28.0900 13008 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:53:28.0916 13008 Wd - ok
10:53:28.0994 13008 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:53:29.0040 13008 Wdf01000 - ok
10:53:29.0181 13008 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:53:29.0196 13008 WfpLwf - ok
10:53:29.0259 13008 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:53:29.0274 13008 WIMMount - ok
10:53:29.0446 13008 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
10:53:29.0462 13008 WinUsb - ok
10:53:29.0555 13008 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:53:29.0571 13008 WmiAcpi - ok
10:53:29.0696 13008 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:53:29.0711 13008 ws2ifsl - ok
10:53:29.0852 13008 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:53:29.0867 13008 WudfPf - ok
10:53:29.0945 13008 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:53:29.0961 13008 WUDFRd - ok
10:53:30.0101 13008 MBR (0x1B8) (d645dd0274f8f5c9f4843dec2a01384f) \Device\Harddisk0\DR0
10:53:30.0148 13008 \Device\Harddisk0\DR0 - ok
10:53:30.0164 13008 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR1
10:53:30.0179 13008 \Device\Harddisk1\DR1 - ok
10:53:30.0226 13008 Boot (0x1200) (f9634ddcd4910bb6c9b4dd11c2a664ea) \Device\Harddisk0\DR0\Partition0
10:53:30.0226 13008 \Device\Harddisk0\DR0\Partition0 - ok
10:53:30.0273 13008 Boot (0x1200) (8bfbd33162a5b11500ad18f3ebb8b846) \Device\Harddisk0\DR0\Partition1
10:53:30.0273 13008 \Device\Harddisk0\DR0\Partition1 - ok
10:53:30.0304 13008 Boot (0x1200) (b53eba273b940a32abcab166aeb11111) \Device\Harddisk0\DR0\Partition2
10:53:30.0320 13008 \Device\Harddisk0\DR0\Partition2 - ok
10:53:30.0335 13008 Boot (0x1200) (d042a84aefc782814d0d8291e426787a) \Device\Harddisk1\DR1\Partition0
10:53:30.0335 13008 \Device\Harddisk1\DR1\Partition0 - ok
10:53:30.0351 13008 ============================================================
10:53:30.0351 13008 Scan finished
10:53:30.0351 13008 ============================================================
10:53:30.0398 13000 Detected object count: 0
10:53:30.0398 13000 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 13 January 2012 - 11:07 AM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer, you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 cody7880


Posted 13 January 2012 - 11:52 AM

ComboFix will not run in Safe Mode either.

#10 cody7880


Posted 13 January 2012 - 12:25 PM

Also, a box recently started showing up after every restart saying recycling bin contaminated, do I want to empty, even though the bin is already empty.

#11 gringo_pr


Posted 13 January 2012 - 03:30 PM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Gringo

#12 cody7880


Posted 13 January 2012 - 03:44 PM

Farbar Service Scanner
Ran by haley (administrator) on 13-01-2012 at 15:41:05
Microsoft Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
Attention! C:\Windows\system32\Drivers\afd.sys is missing.
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:24 PM

Posted 13 January 2012 - 04:58 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
afd.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 cody7880

cody7880
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:24 PM

Posted 13 January 2012 - 06:00 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:30 on 13/01/2012 by haley
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\System Rollback Data\Restore\Archive\00000014\00000001\0\Attrib\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 0 bytes [19:06 31/07/2011] [08:40 20/11/2010] D41D8CD98F00B204E9800998ECF8427E
C:\System Rollback Data\Restore\Archive\00000014\00000001\0\Attrib\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 0 bytes [18:21 17/06/2011] [02:35 25/04/2011] D41D8CD98F00B204E9800998ECF8427E
C:\System Rollback Data\Restore\Archive\00000014\00000001\0\Attrib\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys --a---- 0 bytes [18:21 17/06/2011] [02:27 25/04/2011] D41D8CD98F00B204E9800998ECF8427E
C:\System Rollback Data\Restore\Archive\00000014\00000001\0\Attrib\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 0 bytes [18:21 17/06/2011] [02:18 25/04/2011] D41D8CD98F00B204E9800998ECF8427E
C:\System Rollback Data\Restore\Archive\00000014\00000001\0\Attrib\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 0 bytes [18:21 17/06/2011] [03:24 25/04/2011] D41D8CD98F00B204E9800998ECF8427E
C:\System Rollback Data\Restore\Archive\00000014\00000001\0\Target\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 338944 bytes [18:21 17/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\System Rollback Data\Restore\Archive\00000014\00000001\0\Target\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 338944 bytes [18:21 17/06/2011] [02:18 25/04/2011] 9EBBBA55060F786F0FCAA3893BFA2806
C:\System Rollback Data\Restore\Archive\00000014\00000001\0\Target\Windows\System32\drivers\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\System Rollback Data\Restore\Archive\00000014\00000001\0\Target\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\System Rollback Data\Restore\Archive\00000015\00000014\0\Target\Windows\System32\drivers\afd.sys --a---- 338944 bytes [18:21 17/06/2011] [13:49 04/01/2012] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 338944 bytes [18:21 17/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys --a---- 338944 bytes [18:21 17/06/2011] [02:27 25/04/2011] C114AB7A1550D42EA1700FFD4179CF5A
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [19:06 31/07/2011] [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 338944 bytes [18:21 17/06/2011] [01:37 04/01/2012] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [18:21 17/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5

-= EOF =-

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:24 PM

Posted 13 January 2012 - 08:50 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys | C:\Windows\system32\Drivers\afd.sys


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

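The SystemLook filefind listing posted above, parsed as an added example (not part of the thread and not SystemLook's or ComboFix's own code): it flags zero-byte copies, whose MD5 is the hash of empty input, and copies the tool could not hash, then groups the remaining copies by MD5. The sample lines, their paths and the two non-empty hashes are constructed, and the line layout is assumed from the log in this thread.

```python
import hashlib
import re

# MD5 of zero bytes; a listing that shows this hash describes an empty file.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# One result line: path, attribute flags, size, two timestamps, MD5 field.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] "
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)

def parse_filefind(log_text):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            # No hash reported means the copy cannot be verified from the log.
            e["md5"] = None if e["md5"].startswith("(") else e["md5"].upper()
            entries.append(e)
    return entries

def classify(entry):
    """Return 'empty', 'unverifiable' (no hash reported) or 'hashed'."""
    if entry["size"] == 0 or entry["md5"] == EMPTY_MD5:
        return "empty"
    return "unverifiable" if entry["md5"] is None else "hashed"

def hashed_copies(entries):
    """Map each MD5 to the paths that carry it (hashed, non-empty copies only)."""
    groups = {}
    for e in (x for x in entries if classify(x) == "hashed"):
        groups.setdefault(e["md5"], []).append(e["path"])
    return groups

# Constructed sample in the filefind layout; paths and non-empty hashes are made up.
SAMPLE = r"""Searching for "afd.sys"
C:\System Rollback Data\Attrib\example_a\afd.sys --a---- 0 bytes [19:06 31/07/2011] [08:40 20/11/2010] D41D8CD98F00B204E9800998ECF8427E
C:\System Rollback Data\Target\drivers\afd.sys --a---- 338944 bytes [18:21 17/06/2011] [13:49 04/01/2012] (Unable to calculate MD5)
C:\Windows\winsxs\example_a\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] 0123456789ABCDEF0123456789ABCDEF
C:\Windows\winsxs\example_b\afd.sys --a---- 338944 bytes [18:21 17/06/2011] [03:24 25/04/2011] FEDCBA9876543210FEDCBA9876543210
C:\System Rollback Data\Target\example_a\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] 0123456789ABCDEF0123456789ABCDEF"""

if __name__ == "__main__":
    for e in parse_filefind(SAMPLE):
        print(f"{classify(e):12} {e['size']:>7} {e['path']}")
```

The same hash appearing in several locations only shows that those copies are identical; whether a given hash belongs to a genuine build still has to be checked against a trusted reference.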



