Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Check ... can't get rid of it :(


  • Please log in to reply
14 replies to this topic

#1 MrChris86

MrChris86

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 07 February 2012 - 04:13 PM

Hi all,

I've tried 2 or 3 different tutorials to get rid of System Check Trojan/Malware ... and I think I've got rid of the really nasty parts of it ... but am not 100% that I have ... and I still can't figure out what to click/unclick so that my programmes re-appear on my Start menu.

Can anyone point me in the direction of an absolutely foolproof guide, or offer a little bit of guidance?

If it helps as a starter ... I'm running Windows 7 ... have McAfee ... have run Spybot Search & Destroy ... and a couple of other bits of software that I'm not sure actually did anything lol :crazy:

Thanks very much in advance!
Chris

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 PM

Posted 07 February 2012 - 04:32 PM

hello, have you run....
Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 MrChris86

MrChris86
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 07 February 2012 - 04:55 PM

Hey,

Thanks for the suggestion but I had already run Unhide.

I think I figured out why there is stuff missing from my Start menu ... it just needs "re-pinning" to the Start Menu :clapping: :thumbsup:

Is there anything I can do/any programme I can run to be absolutely certain that I've got rid of all the nasty?

Thanks!
C

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 PM

Posted 07 February 2012 - 04:59 PM

Ok that was first(Do Not run a temp file or Registry cleaner)

This will restore the default start menu that came with Windows.

Windows 7 32-bit US English
http://download.bleepingcomputer.com/grinler/fakehdd/win7-32-sm-reset.exe

Windows 7 64-bit US English
http://download.bleepingcomputer.com/grinler/fakehdd/win7-x64-sm-reset.exe
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 PM

Posted 07 February 2012 - 05:02 PM

We can run or rerun

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.




Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:
Posted Image

On completion of the scan click "Save log", save it to your desktop and post in your next reply:
Posted Image

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 MrChris86

MrChris86
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 07 February 2012 - 05:59 PM

TDSS says no infections were found.

Should I move on to aswMBR and MiniToolBox - posting the results for both in my next post? Or should I do aswMBR, post the result, wait for a response ... and then do MiniToolBox?

Thanks!
Chris

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 PM

Posted 07 February 2012 - 08:31 PM

Run then post them as they carry different info.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 MrChris86

MrChris86
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 08 February 2012 - 03:17 PM

Well I've not got rid of it all together because McAfee is still popping up to say it has stopped a Trojan.

======

Results from MiniToolBox first (aswMBR was taking an age - so I figured I'd stop it - run MiniToolBox - and let you have some results to be getting on with ... will post aswMBR results as soon as I can though!)

======

MiniToolBox by Farbar Version: 18-01-2012
Ran by Sarah (administrator) on 08-02-2012 at 20:05:26
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sarah-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : C4-17-FE-2D-C9-31
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : C4-17-FE-2D-C9-31
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::748d:5838:ef6b:487b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 07 February 2012 22:50:19
Lease Expires . . . . . . . . . . : 09 February 2012 18:45:44
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 230955006
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-57-97-3E-00-26-B9-1C-D8-89
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-26-B9-1C-D8-89
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:90:1258:a1fa:f55(Preferred)
Link-local IPv6 Address . . . . . : fe80::90:1258:a1fa:f55%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{705C71C5-FCC7-404B-BC72-EC47EFC856BF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5909B8C1-5F18-4673-A5BA-0ACE754C3D27}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: SkyRouter.Home
Address: 192.168.0.1

Name: google.com
Addresses: 209.85.229.105
209.85.229.147
209.85.229.99
209.85.229.103
209.85.229.104


Pinging google.com [209.85.229.105] with 32 bytes of data:
Reply from 209.85.229.105: bytes=32 time=259ms TTL=54
Reply from 209.85.229.105: bytes=32 time=31ms TTL=54

Ping statistics for 209.85.229.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 259ms, Average = 145ms
Server: SkyRouter.Home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=224ms TTL=48
Reply from 72.30.2.43: bytes=32 time=180ms TTL=48

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 180ms, Maximum = 224ms, Average = 202ms
Server: SkyRouter.Home
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...c4 17 fe 2d c9 31 ......Microsoft Virtual WiFi Miniport Adapter
11...c4 17 fe 2d c9 31 ......Dell Wireless 1397 WLAN Mini-Card
10...00 26 b9 1c d8 89 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
48...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 281
192.168.0.2 255.255.255.255 On-link 192.168.0.2 281
192.168.0.255 255.255.255.255 On-link 192.168.0.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:5ef5:79fd:90:1258:a1fa:f55/128
On-link
11 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::90:1258:a1fa:f55/128
On-link
11 281 fe80::748d:5838:ef6b:487b/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 10 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 10 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/07/2012 10:50:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/07/2012 09:24:47 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/07/2012 08:45:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/07/2012 08:45:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/07/2012 08:45:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/07/2012 08:45:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/07/2012 08:45:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/07/2012 08:45:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/07/2012 08:45:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/07/2012 08:45:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (02/07/2012 09:24:57 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%1053

Error: (02/07/2012 09:24:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

Error: (02/07/2012 08:41:21 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%1053

Error: (02/07/2012 08:41:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

Error: (02/07/2012 08:35:18 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/07/2012 08:34:21 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/07/2012 08:30:03 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/07/2012 06:58:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/07/2012 06:58:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/07/2012 06:58:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Photoshop Lightroom 3.2 64-bit (Version: 3.2.1)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 1.3.0)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
ATI Catalyst Control Center (Version: 2.009.0908.2224)
µTorrent (Version: 2.2.0)
Bonjour (Version: 2.0.2.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Full Existing (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Full New (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Light (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Previews Common (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0908.2225.38429)
Catalyst Control Center InstallProxy (Version: 2009.0908.2225.38429)
Catalyst Control Center Localization All (Version: 2009.0908.2225.38429)
ccc-core-static (Version: 2009.0908.2225.38429)
ccc-utility64 (Version: 2009.0908.2225.38429)
CCC Help Chinese Standard (Version: 2009.0908.2224.38429)
CCC Help Chinese Traditional (Version: 2009.0908.2224.38429)
CCC Help Danish (Version: 2009.0908.2224.38429)
CCC Help Dutch (Version: 2009.0908.2224.38429)
CCC Help English (Version: 2009.0908.2224.38429)
CCC Help Finnish (Version: 2009.0908.2224.38429)
CCC Help French (Version: 2009.0908.2224.38429)
CCC Help German (Version: 2009.0908.2224.38429)
CCC Help Italian (Version: 2009.0908.2224.38429)
CCC Help Japanese (Version: 2009.0908.2224.38429)
CCC Help Korean (Version: 2009.0908.2224.38429)
CCC Help Norwegian (Version: 2009.0908.2224.38429)
CCC Help Portuguese (Version: 2009.0908.2224.38429)
CCC Help Russian (Version: 2009.0908.2224.38429)
CCC Help Spanish (Version: 2009.0908.2224.38429)
CCC Help Swedish (Version: 2009.0908.2224.38429)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Citrix online plug-in - web (Version: 11.2.0.31560)
Citrix online plug-in (DV) (Version: 11.2.0.31560)
Citrix online plug-in (HDX) (Version: 11.2.0.31560)
Citrix online plug-in (USB) (Version: 11.2.0.31560)
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Online (Version: 1.1.0029)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Version: 3.1.5907.16)
Dell Touchpad (Version: 7.102.101.303)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
GoToAssist 8.0.0.514
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.018)
HTC Sync (Version: 3.0.5617)
iTunes (Version: 9.2.1.4)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 16 (64-bit) (Version: 6.0.160)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee SecurityCenter (Version: 11.0.654)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Multi Unlock Client (Version: 32.00)
PowerDVD DX (Version: 8.3.5424)
Quickset64 (Version: 9.6.11)
QuickTime (Version: 7.66.71.0)
Realtek High Definition Audio Driver (Version: 6.0.1.5951)
Remote Control USB Driver (Version: 2.3.2.317)
Roxio Burn (Version: 1.01)
Skins (Version: 2009.0908.2225.38429)
Skype™ 5.0 (Version: 5.0.152)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (Version: 0.4.3)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
The Sims 2
TomTom HOME 2.7.6.2056 (Version: 2.7.6.2056)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
WildTangent Games (Version: 1.0.0.71)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 3956.52 MB
Available physical RAM: 1695.39 MB
Total Pagefile: 7911.24 MB
Available Pagefile: 4515.73 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.3 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:8.98 GB) NTFS
2 Drive d: () (Fixed) (Total:229.63 GB) (Free:229.54 GB) NTFS
3 Drive e: (3711521383) (CDROM) (Total:7.24 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\SARAH-PC

Administrator Guest Sarah


**** End of log ****

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 PM

Posted 08 February 2012 - 05:11 PM

Lets do this then,,,


Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 MrChris86

MrChris86
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 08 February 2012 - 06:07 PM

aswMBR finished eventually ... log below ... I'll now restart into safe mode and try the above steps

====================

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 21:34:46
-----------------------------
21:34:46.962 OS Version: Windows x64 6.1.7601 Service Pack 1
21:34:46.962 Number of processors: 4 586 0x2502
21:34:46.962 ComputerName: SARAH-PC UserName: Sarah
21:34:47.805 Initialize success
21:34:53.920 AVAST engine defs: 12020800
21:34:59.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:34:59.364 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11
21:34:59.380 Disk 0 MBR read successfully
21:34:59.380 Disk 0 MBR scan
21:34:59.395 Disk 0 Windows VISTA default MBR code
21:34:59.411 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
21:34:59.427 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
21:34:59.442 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
21:34:59.458 Disk 0 Partition - 00 0F Extended LBA 235143 MB offset 143566848
21:34:59.489 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 235142 MB offset 143568896
21:34:59.505 Service scanning
21:35:04.637 Modules scanning
21:35:04.637 Disk 0 trace - called modules:
21:35:04.699 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:35:04.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1b060]
21:35:04.715 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004932550]
21:35:05.417 AVAST engine scan C:\Windows
21:35:07.882 AVAST engine scan C:\Windows\system32
21:38:46.719 AVAST engine scan C:\Windows\system32\drivers
21:39:07.873 AVAST engine scan C:\Users\Sarah
21:49:35.446 AVAST engine scan C:\ProgramData
22:51:22.262 Scan finished successfully
23:03:32.581 Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
23:03:32.597 The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt"

#11 MrChris86

MrChris86
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 08 February 2012 - 06:41 PM

Run RKill....


[*] If nothing happens or if the tool does not run, please let me know in your next reply
[/list]
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


RKill did run ... and said:

==========

Processes terminated by Rkill or while it was running:
C:\Windows\SysWOW64\rundll32.exe

==========

[*]Run TDSSKiller.exe.
[*]When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
[*]Let reboot if needed and tell me if the tool needed a reboot.
[*]Click on Report and post the contents of the text file that will open.


TDSS ran ... and found 0 things to be cured/deleted ... so didn't get the option to cure/delete ... and didn't need a reboot.

Copy of the Report below:

==============

23:31:37.0582 2100 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
23:31:37.0816 2100 ============================================================
23:31:37.0816 2100 Current date / time: 2012/02/08 23:31:37.0816
23:31:37.0816 2100 SystemInfo:
23:31:37.0816 2100
23:31:37.0816 2100 OS Version: 6.1.7601 ServicePack: 1.0
23:31:37.0816 2100 Product type: Workstation
23:31:37.0816 2100 ComputerName: SARAH-PC
23:31:37.0816 2100 UserName: Sarah
23:31:37.0816 2100 Windows directory: C:\Windows
23:31:37.0816 2100 System windows directory: C:\Windows
23:31:37.0816 2100 Running under WOW64
23:31:37.0816 2100 Processor architecture: Intel x64
23:31:37.0816 2100 Number of processors: 4
23:31:37.0816 2100 Page size: 0x1000
23:31:37.0816 2100 Boot type: Safe boot with network
23:31:37.0816 2100 ============================================================
23:31:38.0893 2100 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:31:38.0908 2100 \Device\Harddisk0\DR0:
23:31:38.0908 2100 MBR used
23:31:38.0908 2100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
23:31:38.0908 2100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
23:31:38.0924 2100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x1CB43000
23:31:38.0986 2100 Initialize success
23:31:38.0986 2100 ============================================================
23:31:55.0413 2216 ============================================================
23:31:55.0413 2216 Scan started
23:31:55.0413 2216 Mode: Manual;
23:31:55.0413 2216 ============================================================
23:31:56.0349 2216 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:31:56.0349 2216 1394ohci - ok
23:31:56.0396 2216 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:31:56.0396 2216 ACPI - ok
23:31:56.0443 2216 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:31:56.0443 2216 AcpiPmi - ok
23:31:56.0505 2216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:31:56.0505 2216 adp94xx - ok
23:31:56.0536 2216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:31:56.0536 2216 adpahci - ok
23:31:56.0568 2216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:31:56.0568 2216 adpu320 - ok
23:31:56.0646 2216 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:31:56.0646 2216 AFD - ok
23:31:56.0692 2216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:31:56.0692 2216 agp440 - ok
23:31:56.0755 2216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:31:56.0755 2216 aliide - ok
23:31:56.0770 2216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:31:56.0770 2216 amdide - ok
23:31:56.0833 2216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:31:56.0833 2216 AmdK8 - ok
23:31:56.0864 2216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:31:56.0864 2216 AmdPPM - ok
23:31:56.0911 2216 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:31:56.0911 2216 amdsata - ok
23:31:56.0942 2216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:31:56.0942 2216 amdsbs - ok
23:31:56.0989 2216 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:31:56.0989 2216 amdxata - ok
23:31:57.0036 2216 androidusb (fad35699987baa96e22e13b24ff44769) C:\Windows\system32\Drivers\androidusb.sys
23:31:57.0036 2216 androidusb - ok
23:31:57.0082 2216 ApfiltrService (8b522286c8d6a20133d12225b7759596) C:\Windows\system32\DRIVERS\Apfiltr.sys
23:31:57.0082 2216 ApfiltrService - ok
23:31:57.0145 2216 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:31:57.0145 2216 AppID - ok
23:31:57.0223 2216 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:31:57.0223 2216 arc - ok
23:31:57.0223 2216 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:31:57.0223 2216 arcsas - ok
23:31:57.0254 2216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:31:57.0254 2216 AsyncMac - ok
23:31:57.0301 2216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:31:57.0301 2216 atapi - ok
23:31:57.0316 2216 athur - ok
23:31:57.0379 2216 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
23:31:57.0379 2216 AtiHdmiService - ok
23:31:57.0550 2216 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys
23:31:57.0582 2216 atikmdag - ok
23:31:57.0644 2216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:31:57.0660 2216 b06bdrv - ok
23:31:57.0691 2216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:31:57.0691 2216 b57nd60a - ok
23:31:57.0722 2216 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
23:31:57.0722 2216 BCM42RLY - ok
23:31:57.0816 2216 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:31:57.0831 2216 BCM43XX - ok
23:31:57.0894 2216 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:31:57.0894 2216 Beep - ok
23:31:57.0956 2216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:31:57.0956 2216 blbdrive - ok
23:31:58.0018 2216 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:31:58.0018 2216 bowser - ok
23:31:58.0050 2216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:31:58.0050 2216 BrFiltLo - ok
23:31:58.0081 2216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:31:58.0081 2216 BrFiltUp - ok
23:31:58.0128 2216 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:31:58.0128 2216 BridgeMP - ok
23:31:58.0159 2216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:31:58.0159 2216 Brserid - ok
23:31:58.0174 2216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:31:58.0174 2216 BrSerWdm - ok
23:31:58.0206 2216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:31:58.0206 2216 BrUsbMdm - ok
23:31:58.0221 2216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:31:58.0221 2216 BrUsbSer - ok
23:31:58.0268 2216 bthav (0b2ee8b36081c1039ea3d20b952a8ddc) C:\Windows\system32\drivers\bthav.sys
23:31:58.0268 2216 bthav - ok
23:31:58.0330 2216 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
23:31:58.0330 2216 BthAvrcp - ok
23:31:58.0393 2216 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:31:58.0393 2216 BthEnum - ok
23:31:58.0455 2216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:31:58.0455 2216 BTHMODEM - ok
23:31:58.0502 2216 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:31:58.0502 2216 BthPan - ok
23:31:58.0564 2216 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
23:31:58.0564 2216 BTHPORT - ok
23:31:58.0611 2216 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
23:31:58.0611 2216 BTHUSB - ok
23:31:58.0642 2216 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
23:31:58.0642 2216 btwaudio - ok
23:31:58.0689 2216 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
23:31:58.0689 2216 btwavdt - ok
23:31:58.0752 2216 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:31:58.0752 2216 btwl2cap - ok
23:31:58.0767 2216 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
23:31:58.0767 2216 btwrchid - ok
23:31:58.0798 2216 catchme - ok
23:31:58.0830 2216 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:31:58.0830 2216 cdfs - ok
23:31:58.0892 2216 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:31:58.0892 2216 cdrom - ok
23:31:58.0954 2216 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
23:31:58.0970 2216 cfwids - ok
23:31:59.0032 2216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:31:59.0032 2216 circlass - ok
23:31:59.0064 2216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:31:59.0064 2216 CLFS - ok
23:31:59.0142 2216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:31:59.0142 2216 CmBatt - ok
23:31:59.0188 2216 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:31:59.0188 2216 cmdide - ok
23:31:59.0235 2216 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:31:59.0235 2216 CNG - ok
23:31:59.0266 2216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:31:59.0266 2216 Compbatt - ok
23:31:59.0329 2216 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:31:59.0329 2216 CompositeBus - ok
23:31:59.0360 2216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:31:59.0360 2216 crcdisk - ok
23:31:59.0391 2216 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:31:59.0391 2216 CtClsFlt - ok
23:31:59.0438 2216 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
23:31:59.0438 2216 ctxusbm - ok
23:31:59.0516 2216 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:31:59.0516 2216 DfsC - ok
23:31:59.0547 2216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:31:59.0547 2216 discache - ok
23:31:59.0578 2216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:31:59.0578 2216 Disk - ok
23:31:59.0641 2216 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:31:59.0641 2216 drmkaud - ok
23:31:59.0703 2216 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:31:59.0703 2216 DXGKrnl - ok
23:31:59.0812 2216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:31:59.0812 2216 ebdrv - ok
23:31:59.0859 2216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:31:59.0859 2216 elxstor - ok
23:31:59.0890 2216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:31:59.0890 2216 ErrDev - ok
23:31:59.0937 2216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:31:59.0937 2216 exfat - ok
23:31:59.0968 2216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:31:59.0968 2216 fastfat - ok
23:32:00.0015 2216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:32:00.0015 2216 fdc - ok
23:32:00.0046 2216 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:32:00.0046 2216 FileInfo - ok
23:32:00.0046 2216 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:32:00.0062 2216 Filetrace - ok
23:32:00.0093 2216 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:32:00.0093 2216 flpydisk - ok
23:32:00.0156 2216 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:32:00.0156 2216 FltMgr - ok
23:32:00.0171 2216 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:32:00.0171 2216 FsDepends - ok
23:32:00.0202 2216 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
23:32:00.0202 2216 fssfltr - ok
23:32:00.0218 2216 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:32:00.0218 2216 Fs_Rec - ok
23:32:00.0280 2216 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:32:00.0280 2216 fvevol - ok
23:32:00.0312 2216 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:32:00.0312 2216 gagp30kx - ok
23:32:00.0358 2216 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:32:00.0374 2216 GEARAspiWDM - ok
23:32:00.0405 2216 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:32:00.0405 2216 hcw85cir - ok
23:32:00.0452 2216 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:32:00.0452 2216 HDAudBus - ok
23:32:00.0499 2216 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:32:00.0499 2216 HECIx64 - ok
23:32:00.0530 2216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:32:00.0530 2216 HidBatt - ok
23:32:00.0546 2216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:32:00.0546 2216 HidBth - ok
23:32:00.0577 2216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:32:00.0577 2216 HidIr - ok
23:32:00.0624 2216 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:32:00.0624 2216 HidUsb - ok
23:32:00.0686 2216 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:32:00.0686 2216 HpSAMD - ok
23:32:00.0764 2216 HTCAND64 (fad35699987baa96e22e13b24ff44769) C:\Windows\system32\Drivers\ANDROIDUSB.sys
23:32:00.0764 2216 HTCAND64 - ok
23:32:00.0826 2216 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
23:32:00.0826 2216 htcnprot - ok
23:32:00.0904 2216 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:32:00.0904 2216 HTTP - ok
23:32:00.0951 2216 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:32:00.0951 2216 hwpolicy - ok
23:32:00.0998 2216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:32:00.0998 2216 i8042prt - ok
23:32:01.0060 2216 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:32:01.0060 2216 iaStorV - ok
23:32:01.0092 2216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:32:01.0092 2216 iirsp - ok
23:32:01.0138 2216 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
23:32:01.0138 2216 Impcd - ok
23:32:01.0216 2216 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys
23:32:01.0216 2216 IntcAzAudAddService - ok
23:32:01.0263 2216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:32:01.0263 2216 intelide - ok
23:32:01.0294 2216 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:32:01.0294 2216 intelppm - ok
23:32:01.0341 2216 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:32:01.0341 2216 IpFilterDriver - ok
23:32:01.0388 2216 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:32:01.0388 2216 IPMIDRV - ok
23:32:01.0419 2216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:32:01.0419 2216 IPNAT - ok
23:32:01.0466 2216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:32:01.0466 2216 IRENUM - ok
23:32:01.0497 2216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:32:01.0497 2216 isapnp - ok
23:32:01.0544 2216 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:32:01.0544 2216 iScsiPrt - ok
23:32:01.0591 2216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:32:01.0591 2216 kbdclass - ok
23:32:01.0638 2216 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:32:01.0638 2216 kbdhid - ok
23:32:01.0684 2216 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:32:01.0684 2216 KSecDD - ok
23:32:01.0716 2216 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:32:01.0716 2216 KSecPkg - ok
23:32:01.0762 2216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:32:01.0762 2216 ksthunk - ok
23:32:01.0794 2216 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:32:01.0794 2216 lltdio - ok
23:32:01.0856 2216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:32:01.0856 2216 LSI_FC - ok
23:32:01.0856 2216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:32:01.0856 2216 LSI_SAS - ok
23:32:01.0887 2216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:32:01.0887 2216 LSI_SAS2 - ok
23:32:01.0918 2216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:32:01.0918 2216 LSI_SCSI - ok
23:32:01.0950 2216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:32:01.0950 2216 luafv - ok
23:32:02.0059 2216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:32:02.0059 2216 megasas - ok
23:32:02.0090 2216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:32:02.0090 2216 MegaSR - ok
23:32:02.0121 2216 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
23:32:02.0121 2216 mfeapfk - ok
23:32:02.0168 2216 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
23:32:02.0168 2216 mfeavfk - ok
23:32:02.0215 2216 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
23:32:02.0215 2216 mfefirek - ok
23:32:02.0246 2216 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
23:32:02.0262 2216 mfehidk - ok
23:32:02.0293 2216 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
23:32:02.0293 2216 mfenlfk - ok
23:32:02.0324 2216 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
23:32:02.0324 2216 mferkdet - ok
23:32:02.0371 2216 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
23:32:02.0371 2216 mfewfpk - ok
23:32:02.0418 2216 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:32:02.0418 2216 Modem - ok
23:32:02.0449 2216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:32:02.0449 2216 monitor - ok
23:32:02.0496 2216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:32:02.0496 2216 mouclass - ok
23:32:02.0542 2216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:32:02.0542 2216 mouhid - ok
23:32:02.0589 2216 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:32:02.0589 2216 mountmgr - ok
23:32:02.0620 2216 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:32:02.0620 2216 mpio - ok
23:32:02.0652 2216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:32:02.0652 2216 mpsdrv - ok
23:32:02.0683 2216 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:32:02.0683 2216 MRxDAV - ok
23:32:02.0730 2216 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:32:02.0730 2216 mrxsmb - ok
23:32:02.0776 2216 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:32:02.0776 2216 mrxsmb10 - ok
23:32:02.0792 2216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:32:02.0792 2216 mrxsmb20 - ok
23:32:02.0839 2216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:32:02.0839 2216 msahci - ok
23:32:02.0886 2216 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:32:02.0886 2216 msdsm - ok
23:32:02.0948 2216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:32:02.0948 2216 Msfs - ok
23:32:02.0964 2216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:32:02.0964 2216 mshidkmdf - ok
23:32:03.0010 2216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:32:03.0010 2216 msisadrv - ok
23:32:03.0073 2216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:32:03.0073 2216 MSKSSRV - ok
23:32:03.0088 2216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:32:03.0088 2216 MSPCLOCK - ok
23:32:03.0104 2216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:32:03.0104 2216 MSPQM - ok
23:32:03.0151 2216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:32:03.0151 2216 MsRPC - ok
23:32:03.0182 2216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:32:03.0198 2216 mssmbios - ok
23:32:03.0229 2216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:32:03.0229 2216 MSTEE - ok
23:32:03.0244 2216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:32:03.0244 2216 MTConfig - ok
23:32:03.0276 2216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:32:03.0276 2216 Mup - ok
23:32:03.0307 2216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:32:03.0307 2216 NativeWifiP - ok
23:32:03.0385 2216 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:32:03.0385 2216 NDIS - ok
23:32:03.0400 2216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:32:03.0416 2216 NdisCap - ok
23:32:03.0447 2216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:32:03.0447 2216 NdisTapi - ok
23:32:03.0494 2216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:32:03.0494 2216 Ndisuio - ok
23:32:03.0556 2216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:32:03.0556 2216 NdisWan - ok
23:32:03.0603 2216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:32:03.0603 2216 NDProxy - ok
23:32:03.0650 2216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:32:03.0650 2216 NetBIOS - ok
23:32:03.0712 2216 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:32:03.0712 2216 NetBT - ok
23:32:03.0759 2216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:32:03.0775 2216 nfrd960 - ok
23:32:03.0790 2216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:32:03.0790 2216 Npfs - ok
23:32:03.0822 2216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:32:03.0822 2216 nsiproxy - ok
23:32:03.0900 2216 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:32:03.0900 2216 Ntfs - ok
23:32:03.0915 2216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:32:03.0915 2216 Null - ok
23:32:03.0962 2216 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:32:03.0962 2216 nvraid - ok
23:32:04.0009 2216 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:32:04.0009 2216 nvstor - ok
23:32:04.0071 2216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:32:04.0071 2216 nv_agp - ok
23:32:04.0118 2216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:32:04.0118 2216 ohci1394 - ok
23:32:04.0165 2216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:32:04.0165 2216 Parport - ok
23:32:04.0212 2216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:32:04.0212 2216 partmgr - ok
23:32:04.0305 2216 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
23:32:04.0305 2216 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
23:32:04.0399 2216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:32:04.0399 2216 pci - ok
23:32:04.0430 2216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:32:04.0446 2216 pciide - ok
23:32:04.0477 2216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:32:04.0477 2216 pcmcia - ok
23:32:04.0492 2216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:32:04.0492 2216 pcw - ok
23:32:04.0524 2216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:32:04.0524 2216 PEAUTH - ok
23:32:04.0617 2216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:32:04.0617 2216 PptpMiniport - ok
23:32:04.0633 2216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:32:04.0648 2216 Processor - ok
23:32:04.0711 2216 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:32:04.0711 2216 Psched - ok
23:32:04.0726 2216 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:32:04.0726 2216 PxHlpa64 - ok
23:32:04.0789 2216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:32:04.0804 2216 ql2300 - ok
23:32:04.0836 2216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:32:04.0836 2216 ql40xx - ok
23:32:04.0851 2216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:32:04.0851 2216 QWAVEdrv - ok
23:32:04.0882 2216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:32:04.0882 2216 RasAcd - ok
23:32:04.0914 2216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:32:04.0914 2216 RasAgileVpn - ok
23:32:04.0976 2216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:32:04.0976 2216 Rasl2tp - ok
23:32:05.0007 2216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:32:05.0007 2216 RasPppoe - ok
23:32:05.0038 2216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:32:05.0038 2216 RasSstp - ok
23:32:05.0085 2216 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:32:05.0085 2216 rdbss - ok
23:32:05.0116 2216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:32:05.0116 2216 rdpbus - ok
23:32:05.0132 2216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:32:05.0148 2216 RDPCDD - ok
23:32:05.0163 2216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:32:05.0163 2216 RDPENCDD - ok
23:32:05.0194 2216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:32:05.0194 2216 RDPREFMP - ok
23:32:05.0241 2216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:32:05.0241 2216 RDPWD - ok
23:32:05.0304 2216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:32:05.0304 2216 rdyboost - ok
23:32:05.0350 2216 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:32:05.0350 2216 RFCOMM - ok
23:32:05.0413 2216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:32:05.0413 2216 rspndr - ok
23:32:05.0460 2216 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys
23:32:05.0460 2216 RSUSBSTOR - ok
23:32:05.0522 2216 RTL8167 (365ed58b47b46de8b1c5fa759b6fcd6e) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:32:05.0522 2216 RTL8167 - ok
23:32:05.0584 2216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:32:05.0584 2216 sbp2port - ok
23:32:05.0631 2216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:32:05.0647 2216 scfilter - ok
23:32:05.0725 2216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:32:05.0725 2216 secdrv - ok
23:32:05.0772 2216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:32:05.0772 2216 Serenum - ok
23:32:05.0787 2216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:32:05.0787 2216 Serial - ok
23:32:05.0818 2216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:32:05.0818 2216 sermouse - ok
23:32:05.0865 2216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:32:05.0865 2216 sffdisk - ok
23:32:05.0896 2216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:32:05.0896 2216 sffp_mmc - ok
23:32:05.0943 2216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:32:05.0943 2216 sffp_sd - ok
23:32:05.0959 2216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:32:05.0959 2216 sfloppy - ok
23:32:06.0006 2216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:32:06.0006 2216 SiSRaid2 - ok
23:32:06.0021 2216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:32:06.0021 2216 SiSRaid4 - ok
23:32:06.0068 2216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:32:06.0068 2216 Smb - ok
23:32:06.0115 2216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:32:06.0115 2216 spldr - ok
23:32:06.0162 2216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:32:06.0162 2216 srv - ok
23:32:06.0193 2216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:32:06.0193 2216 srv2 - ok
23:32:06.0224 2216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:32:06.0224 2216 srvnet - ok
23:32:06.0255 2216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:32:06.0255 2216 stexstor - ok
23:32:06.0286 2216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:32:06.0286 2216 swenum - ok
23:32:06.0380 2216 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:32:06.0396 2216 Tcpip - ok
23:32:06.0458 2216 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:32:06.0474 2216 TCPIP6 - ok
23:32:06.0520 2216 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:32:06.0520 2216 tcpipreg - ok
23:32:06.0552 2216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:32:06.0552 2216 TDPIPE - ok
23:32:06.0567 2216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:32:06.0567 2216 TDTCP - ok
23:32:06.0614 2216 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:32:06.0614 2216 tdx - ok
23:32:06.0661 2216 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:32:06.0661 2216 TermDD - ok
23:32:06.0754 2216 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:32:06.0754 2216 tssecsrv - ok
23:32:06.0801 2216 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:32:06.0801 2216 TsUsbFlt - ok
23:32:06.0879 2216 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:32:06.0879 2216 tunnel - ok
23:32:06.0910 2216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:32:06.0910 2216 uagp35 - ok
23:32:06.0957 2216 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:32:06.0957 2216 udfs - ok
23:32:07.0020 2216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:32:07.0020 2216 uliagpkx - ok
23:32:07.0066 2216 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:32:07.0066 2216 umbus - ok
23:32:07.0098 2216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:32:07.0098 2216 UmPass - ok
23:32:07.0160 2216 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
23:32:07.0160 2216 USBAAPL64 - ok
23:32:07.0207 2216 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:32:07.0207 2216 usbccgp - ok
23:32:07.0269 2216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:32:07.0269 2216 usbcir - ok
23:32:07.0300 2216 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:32:07.0300 2216 usbehci - ok
23:32:07.0363 2216 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:32:07.0378 2216 usbhub - ok
23:32:07.0410 2216 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:32:07.0410 2216 usbohci - ok
23:32:07.0441 2216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:32:07.0441 2216 usbprint - ok
23:32:07.0488 2216 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:32:07.0488 2216 USBSTOR - ok
23:32:07.0534 2216 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:32:07.0534 2216 usbuhci - ok
23:32:07.0581 2216 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:32:07.0581 2216 usbvideo - ok
23:32:07.0628 2216 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
23:32:07.0628 2216 usb_rndisx - ok
23:32:07.0706 2216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:32:07.0706 2216 vdrvroot - ok
23:32:07.0722 2216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:32:07.0722 2216 vga - ok
23:32:07.0768 2216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:32:07.0768 2216 VgaSave - ok
23:32:07.0815 2216 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:32:07.0815 2216 vhdmp - ok
23:32:07.0862 2216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:32:07.0862 2216 viaide - ok
23:32:07.0893 2216 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:32:07.0893 2216 volmgr - ok
23:32:07.0956 2216 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:32:07.0956 2216 volmgrx - ok
23:32:08.0002 2216 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:32:08.0002 2216 volsnap - ok
23:32:08.0034 2216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:32:08.0049 2216 vsmraid - ok
23:32:08.0080 2216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:32:08.0080 2216 vwifibus - ok
23:32:08.0096 2216 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:32:08.0096 2216 vwififlt - ok
23:32:08.0143 2216 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:32:08.0143 2216 vwifimp - ok
23:32:08.0158 2216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:32:08.0158 2216 WacomPen - ok
23:32:08.0221 2216 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:32:08.0221 2216 WANARP - ok
23:32:08.0236 2216 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:32:08.0236 2216 Wanarpv6 - ok
23:32:08.0283 2216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:32:08.0283 2216 Wd - ok
23:32:08.0314 2216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:32:08.0314 2216 Wdf01000 - ok
23:32:08.0346 2216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:32:08.0346 2216 WfpLwf - ok
23:32:08.0377 2216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:32:08.0392 2216 WIMMount - ok
23:32:08.0486 2216 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:32:08.0486 2216 WinUsb - ok
23:32:08.0580 2216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:32:08.0580 2216 WmiAcpi - ok
23:32:08.0626 2216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:32:08.0626 2216 ws2ifsl - ok
23:32:08.0673 2216 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:32:08.0673 2216 WudfPf - ok
23:32:08.0720 2216 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:32:08.0720 2216 WUDFRd - ok
23:32:08.0798 2216 zghsmdm (741d9bbfe2a392031157a39d921ce052) C:\Windows\system32\DRIVERS\zghsmdm.sys
23:32:08.0798 2216 zghsmdm - ok
23:32:08.0845 2216 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:32:08.0923 2216 \Device\Harddisk0\DR0 - ok
23:32:08.0923 2216 Boot (0x1200) (d1e359ba00c9a6926f4af7e0535e80e1) \Device\Harddisk0\DR0\Partition0
23:32:08.0923 2216 \Device\Harddisk0\DR0\Partition0 - ok
23:32:08.0938 2216 Boot (0x1200) (648a5e096581ccef30c7bbc0de874e61) \Device\Harddisk0\DR0\Partition1
23:32:08.0938 2216 \Device\Harddisk0\DR0\Partition1 - ok
23:32:08.0954 2216 Boot (0x1200) (0842c55b0e2fae99b5b21177d823770e) \Device\Harddisk0\DR0\Partition2
23:32:08.0954 2216 \Device\Harddisk0\DR0\Partition2 - ok
23:32:08.0954 2216 ============================================================
23:32:08.0954 2216 Scan finished
23:32:08.0954 2216 ============================================================
23:32:08.0970 1304 Detected object count: 0
23:32:08.0970 1304 Actual detected object count: 0
23:32:12.0760 1388 Deinitialize success

============

Will move on to MBAM now

#12 MrChris86

MrChris86
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 08 February 2012 - 07:03 PM

MBAM log:

====================

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [administrator]

08/02/2012 23:45:33
mbam-log-2012-02-08 (23-45-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183580
Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 PM

Posted 08 February 2012 - 08:14 PM

Well that clean,,, What symptoms are you having?

Edited by boopme, 08 February 2012 - 08:19 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 MrChris86

MrChris86
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 12 February 2012 - 06:13 AM

Apologies for the delayed response - I've not been on the computer the last few days to see whether it had any residual problems or not.

In the most part - it seems absolutely fine.

I'm still having the very occasional pop up from McAfee to say it stopped a Trojan entering. I suppose so long as McAfee is stopping them - I don't have a real issue ... but why am I having the pop-up's all of a sudden when I've never had them before?

Also - I'm getting the odd pop up to say "McAfee Real Time Scanning has been disabled - click here to re-enable" ... so is something residual on the machine auto-disabling my virus scanner?

Thanks for all your assistance this far - really appreciate it :)

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 PM

Posted 12 February 2012 - 01:38 PM

To be sure there is not a hidden or protected rootkit running.... Please go here....Preparation Guide ,do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If GMER won't run skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users